Awesome Vehicle Security

A curated list of awesome resources, books, hardware, software, applications, people to follow, and more cool stuff about vehicle security, car hacking, and tinkering with the functionality of your car.

I would love as much help as I can get. Start contributing!

Follow me on Twitter for more security goodness.

Related Lists
Learn
- Articles
- Presentations
- Books
- Research Papers
- Courses
- Blogs
- Websites
- Newsletters
- Conferences
- Who to Follow
- Podcasts and Episodes
  - Podcasts
  - Episodes
- Miscellaneous
Projects
Hardware
Software
- Applications
- Libraries and Tools
  - C
  - Java
  - C++
  - Python
  - Go
  - JavaScript
Companies and Jobs
- Coordinated Disclosure
Other Awesome (non-vehicle related) Lists
Contributing

Related Lists

These lists are related to a specific protocol that you will find in the world of car hacking.

Learn

Articles

How to hack a car — a quick crash-course - Car enthusiast Kenny Kuchera illustrates just enough information to get you up and running. An excellent resource for first timers!
Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.
Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
Tesla hackers explain how they did it at Defcon - Overview of DEFCON 23 presentation on hacking into Tesla cars.
Anatomy of the Rolljam Wireless Car Hack - Overview of the RollJam rolling code exploitation device.
IOActive's Tools and Data - Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.
Developments in Car Hacking - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.
Car Hacking on the Cheap - A whitepaper from Chris Valasek and IOActive on hacking your car when you don't have a lot of resources at your disposal.
Car Hacking: The definitive source - Charlie Miller and Chris Valasek publish all tools, data, research notes, and papers for everyone for free
Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
Reverse engineering of the Nitro OBD2 - Reverse engineering of CAN diagnostic tools.
Analysis of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1) - Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza's speed limiter.
Car Hacking in 30 Minutes or Less - Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump

Presentations

"Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
"Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of Pen Test Partners
FREE-FALL: HACKING TESLA FROM WIRELESS TO CAN BUS - Zeronights 2016 and later BlackHat talk by Sen Nie, Ling Liu, and Yuefeng Du from Tencent and KEEN Security lab
Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
Car Hacking Videos - A web page with a long list of videos (40+) that are available online related to the topic of car hacking. From a 2007 DEF CON talk on modding engine ECUS and onwards (e.g. the 2017 Keen Security Tesla hack).
Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
A Survey of Remote Automotive Attack Surfaces - Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) -A presentation that discusses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
How to drift with any car - Introduction to CAN hacking, and using a real car as an Xbox controller.
Car Infotainment Hacking Methodology and Attack Surface Scenario - A guide on how to attack, hunt bugs or hack your IVI by Jay Turla which was presented at the Packet Hacking Village / Wall of Sheep during DEF CON 26.
TR19: Automotive Penetration Testing with Scapy - Overview on how Scapy can be used for automotive penetration testing at Troopers Conference 2019.
Analysis and Defense of Automotive Networks - Overview of CAN, security, and potential intrusion detection approaches at BSides Knoxville 2020
Remote Exploitation of Honda Cars - The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with it's Telematics Control Unit (TCU)
TR22: UDS Fuzzing and the Path to Game Over - UDS diagnostics protocol fuzzing methodology, presented as a result of numerous penetration testing projects in the automotive industry, with real world exploitation PoCs, presented during Troopers Conference 2022.
CCC - Horror Stories From the Automotive Industry - Horrifying examples of common vulnerabilities in the automotive industry, result of more than 100 penetration tests targeting Tier 1 suppliers and OEMs, with ultimate goal to raise awareness on the current state of automotive security. Additionally, PoC of automated week seed randomness exploitation in automotive components, by using a battery isolator in heavy-duty vehicles and the UDS protocol, for complete compromise of a target. Presented in Chaos Communication Camp, DeepSec 2023 and Troopers Conference 23.
Car Hacking Scene in the PH: How Far We've Come - Car Hacking Village PH presents their first attempt on the main tracks for ROOTCON. This is a rundown of CHVPH's past security research to current research - from hacking infotainment systems to CAN Bus protocols and a summary of cars available in the Philippines which are susceptible to car thefts.
Analysis of an In-vehicular network: From CAN bus to infotainment - This talk will feature Div0 CSQ’s 3 test benches as they explore more features on Connected vehicles. This was presented in ROOTCON 17 Car Hacking Village.
An overview of Automotive Defensive Engineering - This talk is for car hackers to learn about modern defense measures being added to ECUs and Vehicle Architectures. This was presented in ROOTCON 17 Car Hacking Village.
Hacking Back Your Car - Kamel Ghali's talk on ROOTCON 17 about how an attacker's perspective on hacking a car and origins of such attacks, how they've been used in different countries over the years, and explore the technical details of what makes such an attack possible.

Books

2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014.
2016 Car Hacker's Handbook - Latest version of the Car Hacker's handbook with updated information to hack your own vehicle and learning vehicle security. For a physical copy as well unlimited PDF, MOBI, and EPUB copies of the book, buy it at No Starch Press. Sections are available online here.
A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
智能汽车安全攻防大揭秘This book first introduced some basic knowledge of security for automotive R&D personnel, such as encryption and decryption, security authentication, digital signatures, common attack types, and methods. Then it introduced the working principles of some smart cars for security researchers, such as the automotive intranet. Protocol, network architecture, principle of X-By-Wire remote control system, common potential attack surface, etc. Finally, a detailed analysis of some actual automotive attack or security test cases, and defense analysis of the loopholes involved in the case during the analysis process.
Controller Area Network Prototyping with Arduino - This book guides you through prototyping CAN applications on Arduinos, which can help when working with CAN on your own car.
Embedded Networking with CAN and CANopen - From 2003, this book fills in gaps in CAN literature and will educate you further on CAN networks and working with embedded systems.
[Inside Radio: An Attack and Defense