Authors: Simon Ebbers, Stefan Gense, Mouad Bakkouch, Felix Freiling, Sebastian Schinzel



Modern vehicles such as cars, trucks and motorcycles contain an increasing number of embedded computers that continuously exchange telemetry data like current mileage, tire pressure, expected range and geolocation to the manufacturer’s cloud. Vehicle owners can access this data via Vehicle Assistant Apps (VAA). Naturally, this data is of increasing interest to law enforcement in criminal investigations. While manufacturers must comply with local laws requiring them to hand over the data of suspects upon the issuance of a warrant, this process can be time-consuming and cause an additional delay in a case. Making use of novel API-based access methods in cloud forensic investigations, we present a method to get permanent access to a vehicle’s cloud data by directly accessing cloud servers given suspects’ credentials. We analysed a set of 23 different VAAs and pointed out the potentially accessible data categories. With our proof of concept tool in combination with six provided vehicles from BMW, Dacia, Ford, Hyundai, Mercedes and Tesla, we verified the accessibility of the data categories. Our findings demonstrate that the API-based forensic acquisition and analysis of vehicle cloud data provides important insights to be considered in future digital forensic investigations of vehicles.