Vehicle Hacking
🔥 Advanced

Automotive Security

Modern vehicles are computers on wheels, with 100+ Electronic Control Units (ECUs) communicating over CAN bus networks. Connected cars introduce attack surface through cellular modems, Wi-Fi, Bluetooth, and infotainment systems. This guide covers automotive penetration testing, from CAN bus exploitation to keyless entry attacks.

Safety Critical Systems

Never test on moving vehicles or public roads. Automotive attacks can disable brakes, steering, or airbags. Always test in controlled environments, with the vehicle on jack stands or in a Faraday cage. Unauthorized vehicle hacking may violate laws.

Vehicle Architecture

🔴 Critical Systems

  • Engine Control Unit (ECU)
  • Brake System (ABS/ESC)
  • Steering Control
  • Airbag Module
  • Transmission Control

🟠 Comfort Systems

  • Infotainment Head Unit
  • Climate Control
  • Power Windows/Locks
  • Instrument Cluster
  • Seat Adjustment

🔵 Connected Systems

  • Telematics Unit (TCU)
  • Cellular Modem (4G/5G)
  • Bluetooth / Wi-Fi
  • Tire Pressure Monitoring
  • Keyless Entry System

CAN Bus Protocol

Controller Area Network (CAN) is the primary communication protocol in vehicles. Key characteristics:

  • Broadcast: All ECUs receive all messages (no addressing)
  • No Authentication: Any ECU can send any message
  • No Encryption: All traffic is cleartext
  • Priority-Based: Lower CAN ID = higher priority
  • Differential Signaling: CAN-H and CAN-L twisted pair (2.5V baseline)
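
Because CAN frames carry no sender identity, a monitor on the bus can only judge traffic by its ID and timing. The following added example (not part of the original guide) parses `candump -L` style log lines and flags unknown IDs and frames that arrive faster than a learned baseline period; the interface name `vcan0`, the CAN IDs, the sample frames and the 0.5 ratio threshold are constructed assumptions.

```python
import re
from collections import defaultdict
from statistics import median

# candump -L log format: "(timestamp) interface ID#HEXDATA"
LINE_RE = re.compile(r"\((\d+\.\d+)\)\s+(\S+)\s+([0-9A-Fa-f]{3,8})#([0-9A-Fa-f]*)")

def parse_candump(lines):
    """Yield (timestamp, can_id, data_bytes) for each well-formed line."""
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or len(m.group(4)) % 2 or len(m.group(4)) > 16:
            continue  # skip malformed lines and payloads over 8 bytes
        yield float(m.group(1)), int(m.group(3), 16), bytes.fromhex(m.group(4))

def learn_periods(frames):
    """Median inter-arrival time per CAN ID, learned from known-good traffic."""
    last, gaps = {}, defaultdict(list)
    for ts, can_id, _ in frames:
        if can_id in last:
            gaps[can_id].append(ts - last[can_id])
        last[can_id] = ts
    return {cid: median(g) for cid, g in gaps.items()}

def find_anomalies(frames, periods, ratio=0.5):
    """Flag unknown IDs and frames arriving faster than ratio * baseline period."""
    last, alerts = {}, []
    for ts, can_id, _ in frames:
        if can_id not in periods:
            alerts.append((ts, can_id, "unknown-id"))
        elif can_id in last and ts - last[can_id] < ratio * periods[can_id]:
            alerts.append((ts, can_id, "too-fast"))
        last[can_id] = ts
    return alerts

# Constructed sample traffic (not captured from a vehicle): ID 244 every 10 ms.
BASELINE = [f"({1.0 + i * 0.010:.6f}) vcan0 244#000000{i:02X}00" for i in range(20)]
OBSERVED = [f"({5.0 + i * 0.010:.6f}) vcan0 244#0000000000" for i in range(5)]
OBSERVED += ["(5.022000) vcan0 244#00000FFF00", "(5.045000) vcan0 5A1#01"]
OBSERVED.sort()  # fixed-width timestamps, so string order equals time order

if __name__ == "__main__":
    periods = learn_periods(parse_candump(BASELINE))
    for ts, can_id, reason in find_anomalies(parse_candump(OBSERVED), periods):
        print(f"{ts:.6f} id=0x{can_id:03X} {reason}")
```

Timing baselines only work for periodic IDs; event-driven frames need a different signal, such as payload range checks.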

Common Attack Vectors

1. OBD-II Port Access

Physical access to the diagnostic port under the dashboard. Connect a CAN adapter (Macchina M2, CANtact) to sniff/inject traffic.

2. Keyless Entry Relay

Relay the signal from the key fob (inside the house) to the car, bypassing the proximity check. The car thinks the key is nearby and unlocks.

3. Infotainment Exploitation

Exploit vulnerabilities in the head unit (often Linux-based). Pivot from infotainment to the CAN gateway to send commands to critical ECUs.

4. Remote Telematics Attack

Exploit the cellular modem or connected services (OnStar, Tesla app). Remote code execution can control vehicle functions over the internet.

Essential Automotive Hacking Tools

Hardware

  • Macchina M2
  • CANtact / CANable
  • ValueCAN
  • HackRF / YARD Stick One

Software

  • ICSim (CAN simulator)
  • CANalyze
  • Wireshark (CAN dissector)
  • Kayak

Analysis

  • python-can
  • can-utils (Linux)
  • SavvyCAN
  • UDSim (UDS simulator)

Legal Resources

Charlie Miller & Chris Valasek's research (Remote Exploitation of an Unaltered Passenger Vehicle) is foundational. Also check The Car Hacker's Handbook by Craig Smith (free PDF available).
