The Changing World of IoT Forensics in Motor Vehicles

Modern vehicles have complex internal architecture and is wirelessly connected to the Internet, other vehicles, and the smart city infrastructure. The risk of cyber-attacks and other criminal incidents along with recent road accidents fraud requires the need for more automotive digital forensics.

It is well known that increased complexity increases the risk of vulnerabilities and, thus, potential attack vectors. The vehicle is connected to the outside world via various connection interfaces giving rise to Vehicle-to-Everything (V2X) communication. Wireless connections occur via, e.g., 3G/4G/5G, WiFi, and Bluetooth, and physical connections via, e.g., OBD-II, USB, and ECU diagnostic ports. The communication is extensive considering the amount of data generated in the vehicle and the increasing communication with the outside world, such as with other vehicles, roadside units (RSUs), and with cloud-based services.

Risk Diversion believes that the lack of digital forensics guidelines and digital forensics mechanisms within the automotive industry is a valid concern. After numerous data extraction taken from various makes and models, we have identified that data generated in two areas, inside the vehicle, such as the infotainment module, and the latter, outside the vehicle, such as the cloud connection.

As more vehicle manufacturers strive to keep the high development pace aligned to gain an advantage over competitors has also resulted in a lack of security measures. As vehicles become more vulnerable to hacker attacks and the lack of standardization, e.g., data interfaces, recording units, data storage, makes forensic investigation between brands and vehicle models more. challenging.

Automotive forensics requires identifying, acquiring, and analysing data that potentially can be used as digital evidence. The relevancy of a particular data to a forensic investigation depends on the type of crime being investigated.

Breaches of automotive systems have been in the forefront of the global media for more than a year. Wired and wireless exploitation of vehicle systems has become a critical safety concern for the automotive industry.

A high volume of crimes involves a vehicle, and almost every crime involves a digital element. A connecting smartphone to a car via USB just to charge will still result in some phone data being stored on the infotainment system. Some of the artifacts found are:

1. Many vehicle systems have an event log, recording things like doors opening/closing, lights turning on/off, etc. These events are often accompanied by a timestamp and geolocation data.

2. A device’s contact list, or phonebook, is one of the first and most common things to be uploaded and stored on an infotainment system.

3. If a driver uses the infotainment interface to “delete” their device, that device information often remains in unallocated space and can be recovered.

4. Having access to a suspect’s connected vehicle is the next best thing behind having the actual phone itself.

5. Data can remain on a vehicle’s system for weeks, months or even years.

6. Vehicle forensic data compliments accident reconstruction data, allowing the investigator to create a robust recreation of what happened before, during and after an accident. However, in recent years, Risk Diversion noted the process of prosecuting offenders has become more sophisticated and now also encompasses the extraction of data from inside vehicles. From the mechanisms used to enhance the driving experience to inbuilt entertainment systems, all can assist in the detection of crime and can be admissible as evidence in court.