The Car Hacker's Handbook
A Guide for the Penetration Tester
"We're all safer when the systems we depend upon are inspectable, auditable, and documented – and this definitely includes cars." – Chris Evans, hacker and founder of Project Zero
Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven’t kept pace with today’s more hostile security environment, leaving millions vulnerable to attack.
The Car Hacker’s Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems.
Then, once you have an understanding of a vehicle’s communication network, you’ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more. With a focus on low-cost, open source hacking tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, The Car Hacker’s Handbook will show you how to:
- Build an accurate threat model for your vehicle
- Reverse engineer the CAN bus to fake engine signals
- Exploit vulnerabilities in diagnostic and data-logging systems
- Hack the ECU and other firmware and embedded systems
- Feed exploits through infotainment and vehicle-to-vehicle communication systems
- Override factory settings with performance-tuning techniques
- Build physical and virtual test benches to try out exploits safely
If you’re curious about automotive security and have the urge to hack a two-ton computer, make The Car Hacker’s Handbook your first stop.
Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences.