Full PDF, Mobi, and ePub files available now!
Get 30% off with the coupon code CARHACKERS
Modern cars are more computerized than ever. Infotainment and navigation systems, Wi-Fi, automatic software updates, and other innovations aim to make driving more convenient. But vehicle technologies haven’t kept pace with today’s more hostile security environment, leaving millions vulnerable to attack.
The Car Hacker’s Handbook will give you a deeper understanding of the computer systems and embedded software in modern vehicles. It begins by examining vulnerabilities and providing detailed explanations of communications over the CAN bus and between devices and systems.
Then, once you have an understanding of a vehicle’s communication network, you’ll learn how to intercept data and perform specific hacks to track vehicles, unlock doors, glitch engines, flood communication, and more. With a focus on low-cost, open source hacking tools such as Metasploit, Wireshark, Kayak, can-utils, and ChipWhisperer, The Car Hacker’s Handbook will show you how to:
If you’re curious about automotive security and have the urge to hack a two-ton computer, make The Car Hacker’s Handbook your first stop.
About the Author
Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences.
Table of Contents
Chapter 1: Understanding Threat Models
Appendix A: Tools of the Trade
Craig Smith did a Reddit AMA and answered questions about car hacking, IoT security, and safe vehicle demos. Watch Craig's O'Reilly webcast where he taught viewers about reversing the CAN bus on Linux.
“The Car Hacker's Handbook a guide on how to reverse engineer, exploit, and modify any kind of embedded system; cars are just the example. Craig presents this in a way that is eminently comprehensible and spends enough time reinforcing the idea of hacking a car safely, legally, and ethically. It’s a great read, an excellent introduction to fiddling with embedded bits, and truly owning the devices you’ve already purchased.”
“Smith has done a marvelous job of providing a practical introduction to the world of vehicle systems and the tools used to interact with them for both benign and malicious purposes. Definitely a recommended read.”
“No matter where you stand on the vehicle cybersecurity issue—and perhaps like me you need to learn more about this subject—The Car Hacker's Handbook is an excellent guide and reference.”
An article by Craig Smith on hacking your own car and the right to tinker is featured on Dark Reading.
“No Starch Press has taken on the task of turning The Car Hacker's Handbook into a beautifully produced, professional book, in a new edition that builds on the original, vastly expanding the material while simultaneously improving the organization and updating it to encompass the otherwise-bewildering array of new developments in car automation and hacking.”
“The Car Hacker’s Handbook is a comprehensive guide to reverse-engineering and understanding the digital control systems in a modern vehicle. This book is a wake-up call to automakers, legislators, and regulators, announcing the fact that technology enthusiasts can and will continue to fiddle with their cars. The bar for automotive software quality just got raised.”
“At nearly 300 pages, The Car Hacker’s Handbook covers a lot of potential security risks, and as autonomous systems become more ubiquitous and sophisticated, there could be even more risks.”
“The Car Hacker's Handbook is well worth reading. The practical information on automotive networks and protocols is invaluable. All things considered, that is what one wants from a hacker's handbook.”
“Craig Smith has written a fascinating book about how connected cars work, and how they can be hacked. For those that want to understand what goes on under the hood of the car from a software perspective, The Car Hacker's Handbook is a most worthwhile read.”
“If you have your own car and are interested in understanding the ins and outs of its networking and security, this is the reference book to use.”
“If you are interested in what goes on behind the scenes when you drive your car, and how exploitable it is, this is a book worth reading.”
Craig Smith, “one of the pre-eminent automotive security experts on the planet, author of The Car Hacker’s Handbook and the founder of the Open Garages vehicle research lab,” was interviewed by Forbes about his book and research.
“With people like author Craig Smith and books such as The Car Hacker's Handbook, open information and standards and shared knowledge are the ways to secure our safety on the road.”
“The Car Hacker’s Handbook by Craig Smith not only details the multiplicity of hacks that have already been perpetrated on unsuspecting automobile ECUs but promises to be a 'Guide for the Penetration Tester' interested in 'attacking ECUs' and 'passive CAN bus fingerprinting.'”
Craig Smith spoke to The Globe and Mail about the reality of car hacking and threats consumers face.
“The Car Hacker's Handbook is not just a technical guide for car enthusiasts and those with an interest in cybersecurity. If you work on, or modify cars, this book could be your Bible.”
“The Car Hacker's Handbook by Craig Smith is an excellent resource that deserves a place next to your Chilton repair manuals. Rather than an afterthought, security is front and center with The Car Hacker's Handbook. Anyone interested in electronically breaking into cars, or ideally thwarting such intrusions, should consider cracking into Smith's book first.”
“Protect yourself and your car with The Car Hacker's Handbook. This book can be a great reference tool or even a spring or summer read. Smith doesn't set out to be an alarmist, but this book really makes you think.”
“The Car Hacker’s Handbook has pages of programming and technical information for tinkerers (i.e., hackers). But it also provides a public service as the first work of its kind to analyze computer-based systems that make them vulnerable to attack and exploitation. If your company has a fleet, you might want to check it out.”
“If you are a serious car nut who regularly tinkers around, love problem-solving codes, or are concerned about security, pick up this guide and give the tricks inside a try. It could have a significant impact on your security.”
“The Car Hacker's Handbook invites digging deep within and getting your hands “dirty” digitally. Chock full of information and diagrams. For those with a yen for hacking a two-ton computer, drive on over to a bookstore and wrap your hands around this.”
“A great resource if you’re trying to hone your automotive skills or if you have an interest in the networks and security of cars.”
“Even if you aren't interested in becoming a car penetration tester, but you do want to know more about the collection of computers you routinely drive, you would do well to buy and read this book.”
“The Car Hacker's Handbook is, on the one hand, an important work that can be highly useful to those who want to find the ways and mean to protect vehicles from cyber-attack, and, on the other, scary as hell for the rest of us.”
“Smith is set on providing knowledge that will help users improve their car’s security and performance. The ultimate goal is to shed light on the inner workings of modern cars, discover potential security weaknesses and urge automakers to fix them, discover intentional choices that shouldn’t have been made (e.g. Volkswagen emissions scandal), and to know what you are driving.”
According to Craig Smith, “Really any vehicle on the market right now is susceptible”. Read more in his interview with I3 Magazine.
“A car hacker's bible. Smith cites the importance of having individuals as well as auto makers continually check and test their vehicles. He also cites the importance of public awareness that can pressure both manufacturers and safety agencies into developing safeguards and standards designed to keep ahead of the threat. And these really are only the early steps in a very long haul issue.”
“A detailed overview of the computer systems and embedded software ubiquitous in today’s new cars. The author describes the numerous entry points where a hack can occur. Starting with CAN, the infotainment system, the engine control unit (ECU), and more.”
“As cars become more connected and contain more software than ever, their vulnerabilities are being publicly exposed, often to the great embarrassment of automakers. Craig Smith’s excellent, detailed book lifts the lid on all the major threat vectors in the vehicle, with great technical depth. For anyone interested in security and the modern vehicle, or whose job depends on these areas, there is simply no better book out there!”
“The Car Hacker's Handbook is useful, insightful, and brimming with pragmatic advice. Highly recommended to those in the automotive and security industries.”
“Easily the best book I have ever found for learning about how to use a CAN bus. I would recommend this book for engineers working with embedded systems, even if they do not work with cars. I give this book 5 out of 5.”
“A useful resource for cybersecurity experts.”