Navigating Through SSL/TLS Implementation Vulnerabilities in Vehicle-related iOS Apps

Cited by: 0
Authors
Auerbach, Jacob M. [1 ]
Zhang, Linxi [1 ]
Affiliations
[1] Cent Michigan Univ, Dept Comp Sci, Mt Pleasant, MI 48859 USA
Keywords
DOI
10.1109/ICMI60790.2024.10586066
Chinese Library Classification number
TP18 [Artificial intelligence theory];
Discipline classification codes
081104 ; 0812 ; 0835 ; 1405 ;
Abstract
As vehicles become increasingly connected, introducing advanced features like remote engine start for enhanced safety and convenience, automotive cybersecurity becomes even more important. Vehicle-related applications, directly interfacing with car control systems, pose significant risks if their security is compromised. These applications often rely on SSL/TLS (Secure Socket Layer/Transport Layer Security) protocols for secure internet connections and data protection. However, improper SSL/TLS implementations can lead to vulnerabilities and subsequent cyberattacks. In addition, most existing research has focused on Android, leaving a gap in understanding iOS app security in this context. Our research aims to fill this gap by examining 278 iOS vehicle-related applications across various categories including Original Equipment Manufacturer (OEM)-developed apps, car insurance apps, car-related apps, and On-Board Diagnostics-II (OBD-II) tool apps. Particularly, to effectively assess the SSL/TLS implementation, we employ Man-In-The-Middle (MITM) attacks, a technique mirroring real-world hacking strategies. This approach allows us to evaluate the apps' resilience against such attacks and identify vulnerabilities in their SSL/TLS protocols. We identify 5 of these applications that have vulnerabilities, compromising sensitive data. Moreover, we develop machine learning techniques to create a detection tool, enhancing detection capabilities. By using traffic data from the apps we tested and employing random forest, the proposed model achieves a 99.91% accuracy rate in identifying vulnerabilities.
Pages: 6
Related papers
3 items in total
  • [1] Identifying vulnerabilities of SSL/TLS certificate verification in Android apps with static and dynamic analysis
    Wang, Yingjie
    Xu, Guangquan
    Liu, Xing
    Mao, Weixuan
    Si, Chengxiang
    Pedrycz, Witold
    Wang, Wei
    JOURNAL OF SYSTEMS AND SOFTWARE, 2020, 167
  • [2] Analyzing Implementation-Based SSL/TLS Vulnerabilities with Binary Semantics Analysis
    Wang, Li
    Yang, Yi
    Alavalapati, Goutham Reddy
    SECURITY AND PRIVACY IN COMMUNICATION NETWORKS, PT II, SECURECOMM 2023, 2025, 568 : 371 - 394
  • [3] SMV-HUNTER: Large Scale, Automated Detection of SSL/TLS Man-in-the-Middle Vulnerabilities in Android Apps
    Sounthiraraj, David
    Sahs, Justin
    Greenwood, Garrett
    Lin, Zhiqiang
    Khan, Latifur
    21ST ANNUAL NETWORK AND DISTRIBUTED SYSTEM SECURITY SYMPOSIUM (NDSS 2014), 2014