As vehicles evolve into intelligent and connected system platform, in-vehicle infotainment (IVI) system is becoming indispensable part by delivering enhanced user experiences like media control, navigation and integration with vehicle functions. However, its increasing complexity introduces more critical security challenges, particularly firmware update mechanism. This paper presents a comprehensive analysis of firmware security in two generations of IVI systems deployed in commercially available vehicles released between 2016 and 2019. The analysis begins by analyzing update packages to understand system structures, encryption schemes, and verification workflows. This research uncovers vulnerabilities in hash verification, key management, and privilege enforcement. Practical methods are utilized for bypassing firmware integrity checks, decrypting update packages, and modifying system partitions. The findings highlight the absence of consistent secure update standards across vehicle generations and emphasize the urgent need for stronger firmware authentication, robust encryption, and hardened system-level protections in future automotive platforms.

错误:搜索内容不能为空,请输入英文关键词
错误:关键词超出字数限制,请精简
高级检索

Firmware Security and Update Mechanism Analysis of IVI System

  • Purevbaatar Ganbold,
  • Kyungbin Park,
  • Munkhdelgerekh Batzorig,
  • Kangbin Yim

摘要

As vehicles evolve into intelligent and connected system platform, in-vehicle infotainment (IVI) system is becoming indispensable part by delivering enhanced user experiences like media control, navigation and integration with vehicle functions. However, its increasing complexity introduces more critical security challenges, particularly firmware update mechanism. This paper presents a comprehensive analysis of firmware security in two generations of IVI systems deployed in commercially available vehicles released between 2016 and 2019. The analysis begins by analyzing update packages to understand system structures, encryption schemes, and verification workflows. This research uncovers vulnerabilities in hash verification, key management, and privilege enforcement. Practical methods are utilized for bypassing firmware integrity checks, decrypting update packages, and modifying system partitions. The findings highlight the absence of consistent secure update standards across vehicle generations and emphasize the urgent need for stronger firmware authentication, robust encryption, and hardened system-level protections in future automotive platforms.