62 Learning Resources About Vehicle Security and Car Hacking

Security breaches in the automotive sector have been increasingly difficult to prevent due to increasingly sophisticated attack methods. The risks are constantly evolving, impacting the security of the vehicles’ control systems. Teach yourself how to avoid the cars you drive every day from becoming fodder for cybercriminals. More than 100-million cars on the road will be vulnerable to cyber attacks more than ten years from now. Car technology will continue to advance with automatic braking, blind-spot warnings, night vision, self-parking, phones built into dashboards, and more.

Car hacking has become a mainstream topic over the last few years with popular TV shows documenting the subject. This list will serve as a beginner’s and veteran’s guide to car hacking. It discusses how car hacking works, what you need to get started, the prerequisites and the basics, including articles, presentations, books, research papers, courses and podcasts. Learn what you can do to make sure your vehicle is secure.

Car Hacker’s Handbook

1. 2014 Car Hacker’s Handbook
   Free guide to hacking vehicles from 2014.

Articles

1. How to hack a car — a quick crash-course
   Car enthusiast Kenny Kuchera illustrates just enough information to get you up and running. An excellent resource for first timers!
2. Stopping a Jeep Cherokee on the Highway Remotely
   Chris Valasek’s and Charlie Miller’s pivotal research on hacking into Jeep’s presented at DEFCON in 2015.
3. Troy Hunt on Controlling Nissans
   Troy Hunt goes into controlling Nissan vehicles.
4. Tesla hackers explain how they did it at Defcon
   Overview of DEFCON 23 presentation on hacking into Tesla cars.
5. Anatomy of the Rolljam Wireless Car Hack
   Overview of the RollJam rolling code exploitation device.
6. IOActive’s Tools and Data
   Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.
7. Developments in Car Hacking
   via the SANS Reading Room, Currie’s paper analyses the risks and perils of smart vehicle technology.
8. Car Hacking on the Cheap
   A whitepaper from Chris Valasek and IOActive on hacking your car when you don’t have a lot of resources at your disposal.
9. Car Hacking: The definitive source
   Charlie Miller and Chris Valasek publish all tools, data, research notes, and papers for everyone for free
10. Car Hacking on the cheap
    Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
11. Researchers tackle autonomous vehicle security
    Texas A&M researchers develop intelligence system prototype.
12. How big data will impact car security in the proximate future: Concerns and solutions
    Impact of big data on car security.
13. Reverse engineering of the Nitro OBD2
    Reverse engineering of CAN diagnostic tools.
14. Analysis of an old Subaru Impreza – Subaru Select Monitor v1 (SSM1)
    Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza’s speed limiter.
15. Car Hacking in 30 Minutes or Less
    Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump

Presentations

1. Drive It Like You Hacked It from DEFCON 23
   A talk and slides from Samy Kamkar’s DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
2. Samy Kamkar on Hacking Vehicles with OnStar
   Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
3. Remote Exploitation of an Unaltered Passenger Vehicle
   DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
4. Adventures in Automotive Networks and Control Units
   DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
5. Can You Trust Autonomous Vehicles?
   DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
6. Ken Munro & Dave Lodge – Hacking the Mitsubishi Outlander & IOT
   talk from BSides Manchester 2016 by Ken and Dave of Gateway Internals of Tesla Motors
   Zeronights 2016 talk by Nie Seng and Liu Ling
7. Car Hacking 101
   Bugcrowd LevelUp 2017 by Alan Mond
8. State of Automotive Cyber Safety, 2015
   State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
9. State of Automotive Cyber Safety, 2016
   State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
10. How to Hack a Tesla Model S
    DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
11. Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers
    Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
12. A Survey of Remote Automotive Attack Surfaces
    Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
13. Pentesting vehicles with YACHT (Yet Another Car Hacking Tool)
    A presentation that discusses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
14. How to drift with any car
    Introduction to CAN hacking, and using a real car as an Xbox controller.
15. Car Infotainment Hacking Methodology and Attack Surface Scenario
    A guide on how to attack, hunt bugs or hack your IVI by Jay Turla which was presented at the Packet Hacking Village / Wall of Sheep during DEF CON 26.
16. TR19: Automotive Penetration Testing with Scapy
    Overview on how Scapy can be used for automotive penetration testing at Troopers Conference 2019.