The Car Hacker's Handbook

Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven t kept pace with today s more hostile security environment, leaving millions vulnerable to attack. The Car Hacker s Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems. Then, once you have an understanding of a vehicle s communication network, you ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more. With a focus on low-cost, open source hacking tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, The Car Hacker s Handbook will show you how to: Build an accurate threat model for your vehicle Reverse engineer the CAN bus to fake engine signals Exploit vulnerabilities in diagnostic and data-logging systems Hack the ECU and other firmware and embedded systems Feed exploits through infotainment and vehicle-to-vehicle communication systems Override factory settings with performance-tuning techniques Build physical and virtual test benches to try out exploits safely If you re curious about automotive security and have the urge to hack a two-ton computer, make The Car Hacker s Handbook your first stop.

Table of Contents:
Introduction Chapter 1: Understanding Threat Models Chapter 2: Bus Protocols Chapter 3: Vehicle Communication with SocketCAN Chapter 4: Diagnostics and Logging Chapter 5: Reverse Engineering the CAN Bus Chapter 6: ECU Hacking Chapter 7: Building and Using ECU Test Benches Chapter 8: Attacking ECUs and Other Embedded Systems Chapter 9: In-Vehicle Infotainment Systems Chapter 10: Vehicle-to-Vehicle Communication Chapter 11: Weaponizing CAN Findings Chapter 12: Attacking Wireless Systems with SDR Chapter 13: Performance Tuning Appendix A: Tools of the Trade Appendix B: Diagnostic Code Modes and PIDs Appendix C: Creating Your Own Open Garage

About the Author :
Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences

Review :
“The Car Hacker's Handbook a guide on how to reverse engineer, exploit, and modify any kind of embedded system; cars are just the example. Craig presents this in a way that is eminently comprehensible and spends enough time reinforcing the idea of hacking a car safely, legally, and ethically. It’s a great read, an excellent introduction to fiddling with embedded bits, and truly owning the devices you’ve already purchased.” —Hackaday “Smith has done a marvelous job of providing a practical introduction to the world of vehicle systems and the tools used to interact with them for both benign and malicious purposes. Definitely a recommended read.” —IEEE Cipher “No matter where you stand on the vehicle cybersecurity issue—and perhaps like me you need to learn more about this subject—The Car Hacker's Handbook is an excellent guide and reference.” —SAE International “No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.” —Cory Doctorow, Boing Boing “The Car Hacker’s Handbook is a comprehensive guide to reverse-engineering and understanding the digital control systems in a modern vehicle. This book is a wake-up call to automakers, legislators, and regulators, announcing the fact that technology enthusiasts can and will continue to fiddle with their cars. The bar for automotive software quality just got raised.” —Jeff Zurschmeide, Digital Trends “At nearly 300 pages, The Car Hacker’s Handbook covers a lot of potential security risks, and as autonomous systems become more ubiquitous and sophisticated, there could be even more risks.” —TechCrunch “The Car Hacker's Handbook is well worth reading. The practical information on automotive networks and protocols is invaluable. All things considered, that is what one wants from a hacker's handbook.” —Nathan Willis, LWN.net “Craig Smith has written a fascinating book about how connected cars work, and how they can be hacked. For those that want to understand what goes on under the hood of the car from a software perspective, The Car Hacker's Handbook is a most worthwhile read.” —Ben Rothke, RSA Conference “If you have your own car and are interested in understanding the ins and outs of its networking and security, this is the reference book to use.” —Jay Schulman, InfoSecurity Magazine “If you are interested in what goes on behind the scenes when you drive your car, and how exploitable it is, this is a book worth reading.” —The IT Nerd “With people like author Craig Smith and books such as The Car Hacker's Handbook, open information and standards and shared knowledge are the ways to secure our safety on the road.” —Network Security Newsletter “The Car Hacker’s Handbook by Craig Smith not only details the multiplicity of hacks that have already been perpetrated on unsuspecting automobile ECUs but promises to be a 'Guide for the Penetration Tester' interested in 'attacking ECUs' and 'passive CAN bus fingerprinting.'” —David Booth, Driving “The Car Hacker's Handbook is not just a technical guide for car enthusiasts and those with an interest in cybersecurity. If you work on, or modify cars, this book could be your Bible.” —Rick Limpert on WGST's The Sully Show “The Car Hacker's Handbook by Craig Smith is an excellent resource that deserves a place next to your Chilton repair manuals. Rather than an afterthought, security is front and center with The Car Hacker's Handbook. Anyone interested in electronically breaking into cars, or ideally thwarting such intrusions, should consider cracking into Smith's book first.” —GearBrain “Protect yourself and your car with The Car Hacker's Handbook. This book can be a great reference tool or even a spring or summer read. Smith doesn't set out to be an alarmist, but this book really makes you think.” —Examiner.com “The Car Hacker’s Handbook has pages of programming and technical information for tinkerers (i.e., hackers). But it also provides a public service as the first work of its kind to analyze computer-based systems that make them vulnerable to attack and exploitation. If your company has a fleet, you might want to check it out.” —Strategic Finance “If you are a serious car nut who regularly tinkers around, love problem-solving codes, or are concerned about security, pick up this guide and give the tricks inside a try. It could have a significant impact on your security.” —The News Wheel “The Car Hacker's Handbook invites digging deep within and getting your hands “dirty” digitally. Chock full of information and diagrams. For those with a yen for hacking a two-ton computer, drive on over to a bookstore and wrap your hands around this.” —LA Home & Technology Examiner “A great resource if you’re trying to hone your automotive skills or if you have an interest in the networks and security of cars.” — Makezine.com “Even if you aren't interested in becoming a car penetration tester, but you do want to know more about the collection of computers you routinely drive, you would do well to buy and read this book.” —;login: the Magazine of USENIX “The Car Hacker's Handbook is, on the one hand, an important work that can be highly useful to those who want to find the ways and mean to protect vehicles from cyber-attack, and, on the other, scary as hell for the rest of us.” —Automotive Design & Production “Smith is set on providing knowledge that will help users improve their car’s security and performance. The ultimate goal is to shed light on the inner workings of modern cars, discover potential security weaknesses and urge automakers to fix them, discover intentional choices that shouldn’t have been made (e.g. Volkswagen emissions scandal), and to know what you are driving.” —Help Net Security “A car hacker's bible. Smith cites the importance of having individuals as well as auto makers continually check and test their vehicles. He also cites the importance of public awareness that can pressure both manufacturers and safety agencies into developing safeguards and standards designed to keep ahead of the threat. And these really are only the early steps in a very long haul issue.” —The Auto Channel “A detailed overview of the computer systems and embedded software ubiquitous in today’s new cars. The author describes the numerous entry points where a hack can occur. Starting with CAN, the infotainment system, the engine control unit (ECU), and more.” —CAN Newsletter “As cars become more connected and contain more software than ever, their vulnerabilities are being publicly exposed, often to the great embarrassment of automakers. Craig Smith’s excellent, detailed book lifts the lid on all the major threat vectors in the vehicle, with great technical depth. For anyone interested in security and the modern vehicle, or whose job depends on these areas, there is simply no better book out there!” —Andrew Brown, Strategy Analytics, Executive Director of Enterprise and IoT Research “The Car Hacker's Handbook is useful, insightful, and brimming with pragmatic advice. Highly recommended to those in the automotive and security industries.” —Prof. Christof Ebert, Vector Consulting Services “Easily the best book I have ever found for learning about how to use a CAN bus. I would recommend this book for engineers working with embedded systems, even if they do not work with cars. I give this book 5 out of 5.” —Robots for Roboticists “A useful resource for cybersecurity experts.” —Mercury Blog