Computer Security Expert Authors Book Exploring Modern Vehicle Vulnerabilities

May 27, 2016

It used to be that when you needed information about how to fix a vehicle, you picked up a repair manual and found the exact steps to take to get your task done. But today’s vehicles are so highly computerized-”with multiple computer systems driving everything from the engine to ignition to the climate control system-”that it’s virtually impossible to figure out even the seemingly simple challenges that once were spelled out in a step-by-step fashion of an owner’s repair manual.

That’s why “The Car Hacker’s Handbook: A Guide for the Penetration Tester” (No Starch Press, $49.95) is so valuable for today’s automotive industry. Authored by computer security expert Craig Smith, with the help of his engineers at Theia Labs and countless numbers of research papers from respected schools and universities, The Car Hacker’s Handbook is the first book of its kind to take an in-depth look at the computer-based systems in modern cars that make them vulnerable to attack and exploitation.

While the word hacker may draw some negative connotation in today’s society, Smith explains that what he is really trying to do is to unlock information about the vulnerabilities of today’s vehicles in order to better understand and protect these highly complex and extremely dangerous machines.

“Car hacking allows you to assess the security risks of the vehicle that you and your family ride in every day,” Smith said. “The information in my book can be used to understand the undocumented inner workings of modern vehicles and communicate your findings with car manufacturers, which will make us all more secure.”

Smith points out that the auto industry is going through a transitional phase that is moving from a world of mechanical systems that could easily be taught and deciphered to fully electronic, software-based systems that are much more complex and harder to maintain and exploit.

“I really want to go back to days when you had an old car with a printed manual and a bill of materials that had everything that you needed to know to work on the car, repair your car to make any type of modifications-”it’s all there,” he said. “Just because it’s now software biased doesn’t mean it should be a locked out economy. If I want to make a change, I should be able to do that.”

In his book, The Car Hacker’s Handbook, Smith presents extremely detailed information with step-by-step instructions about how to penetrate or hack a vehicle’s systems. Complete with screen shots, diagrams and photos, the book walks the reader through what it takes to hack a vehicle, beginning with an overview of the policies surrounding vehicle security and then delving into how to check whether a vehicle is secure and how to find vulnerabilities in more sophisticated hardware systems.

Chapters include:

  • Understanding Threat Models-”How to learn to identify areas with the highest rick components
  • Bus Protocols-”Detailing the various bus networks and exploring the wiring, voltages and protocols that each bus uses
  • Diagnostics and Logging-”How to read engine codes and explanation of how different module services work
  • Reverse Engineering and the CAN Bus-”How to analyze the CAN network and set up virtual testing environments
  • ECU Hacking-”How access and modify the firmware and how to analyze the binary data
  • Building and Using ECU Test Benches-”How to remove parts from a vehicle to set up a safe testing environment
  • Attacking ECUs and Other Embedded Systems-”Covering integrated circuit debugging pins and methodologies
  • In-Vehicle Infotainment Systems-”Detailing how infotainment systems work and detailing ways to get to its firmware and execute on the system
  • Vehicle-to-Vehicle Communication-”Covering cryptography as well as the different protocols from multiple countries as well as the weaknesses in vehicle-to-vehicle systems
  • Weaponizing CAN Findings-”How to turn research into a working exploit
  • Attacking Wireless Systems with SDR-”How to use software-defined radio to analyze wireless communications such as TPMS, key fobs and immobilizer systems
  • Performance Tuning-”Techniques to enhance and modify a vehicle’s performance

One thing to note, Smith is careful to not mention specific automotive makes or models in his book because his purpose is not to create a How To book on hacking a particular car, but is more interested in teaching readers how to go about figuring it out on their own.

“I am not handing keys over,” Smith said. “I’m more like teaching you how to fish. If you want to learn it and that’s what you want to do with the research then you were going do that anyway. But if you are stuck in your garage and you dealing with software issues hopefully this book can help by filling some the gaps there where obviously a lack of information in a consolidated form of how to go about reverse engineering your vehicle in order to understand what is really going on.”

The Car Hacker’s Handbook is available online and at major bookstores everywhere. For more information, visit nostarch.com or Opengarages.org.