Harness: Transparent and Lightweight Protection of Vehicle Control on Untrusted Android Automotive Operating System
Haochen Gong
34th USENIX Security Symposium (USENIX Security '25) · Day 2 · System Security 3: Mobile Platforms
Modern vehicles increasingly integrate sophisticated infotainment systems, with Android Automotive OS (AOS) emerging as a prominent platform due to its rich functionality, including touchscreen interfaces, voice assistance, diverse connectivity options, and support for third-party applications. Crucially, these systems are also often connected to critical electronic control units (ECUs) via the in-vehicle network, enabling direct vehicle control functions such as operating door locks, windows, seats, gear shifts, and even parking brakes. While these features enhance user experience, they simultaneously introduce significant security vulnerabilities. The inherent complexity and extensive functionality of Android expand the attack surface and enlarge the Trusted Computing Base (TCB), making the system susceptible to compromise.
AI review
Solid systems security research tackling a real and underexplored attack surface — Android Automotive as an untrusted host for safety-critical vehicle control. The threat model is honest, the implementation is concrete, and the engineering to handle Android's IPC complexity (Binder mediation, AIDL call gates, ownership-based shared memory) shows genuine depth. Not groundbreaking enough for a 5 given the Raspberry Pi/Cuttlefish prototype limitations and the gap between demo hardware and production automotive platforms, but this is real work done by people who went deep.