Top 50 Awesome List

jaredthecoder/awesome-vehicle-security

Security  8 days ago  2.1k
🚗 A curated list of resources for learning about vehicle security and car hacking.
View byDAY/WEEK/README
View on Github

Jun 16th

Feb 14th

Presentations

  • Analysis and Defense of Automotive Networks - Overview of CAN, security, and potential intrusion detection approaches at BSides Knoxville 2020
  • Research Papers

  • CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data
  • Time-Based CAN Intrusion Detection Benchmark
  • Addressing the Lack of Comparability & Testing in CAN Intrusion Detection Research: A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset
  • Conferences

  • Cyber Truck Challenge - Conference that focuses on heavy vehicle cybersecurity issues. Includes hands-on assessments of heavy vehicles and subsystems.
  • Miscellaneous

  • Real ORNL Automotive Dynamometer (ROAD) CAN Intrusion Dataset
  • CAN DoS Fuzzing Attack Video
  • ECU Reflashing Detector Demo
  • Libraries and Tools

    C++

  • CANdevStudiostars542 - Development tool for CAN bus simulation. CANdevStudio enables to simulate CAN signals such as ignition status, doors status or reverse gear by every automotive developer.
  • Libraries and Tools

    Java

  • ITS Geonetworkingstars85 - ETSI ITS G5 GeoNetworking stack, in Java: CAM-DENM / ASN.1 PER / BTP / GeoNetworking
  • Oct 4th, 2021

    Projects

  • Uptane - Uptane is an open and secure software update system design protecting software delivered over-the-air to the computerized units of automobiles and is designed to be resilient even to the best efforts of nation state attackers.
  • Jul 7th, 2021

    Libraries and Tools

    Python

  • CanoPystars94 - A python gui used to visualize and plot message payloads in real time.
  • Nov 20th, 2020

    Presentations

  • TR19: Automotive Penetration Testing with Scapy - Overview on how Scapy can be used for automotive penetration testing at Troopers Conference 2019.
  • Oct 12th, 2020

    Presentations

  • Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) -A presentation that discusses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
  • Sep 25th, 2020

    Companies and Jobs

  • Cohda Wireless - V2X DSRC Radio and Software
  • Sep 16th, 2020

    Who to Follow

  • Daniel Öster: Dala's EV Repair, electric vehicle CAN hacking/upgrading
  • Aug 7th, 2020

    Hardware

  • CAN MITM Bridge by MUXSCAN - a tool to MITM CAN messages, allowing easy interaction with your car.
  • Jun 8th, 2020

    Libraries and Tools

    Python

  • Scapystars7.7k - A python library to send, receive, edit raw packets. Supports CAN and automotive protocols: see the automotive doc
  • Oct 28th, 2019

    Articles

  • Car Hacking in 30 Minutes or Less - Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump
  • Jun 3rd, 2019

    Presentations

  • Car Infotainment Hacking Methodology and Attack Surface Scenario - A guide on how to attack, hunt bugs or hack your IVI by Jay Turla which was presented at the Packet Hacking Village / Wall of Sheep during DEF CON 26.
  • Who to Follow

  • Car Hacking Village
  • carfucar: Founder of Car Hacking Village and Speaker or Trainer
  • Ian Tabor / mintynet: Car Hacker, Car Hacking Village staff
  • Jan 3rd, 2019

    Articles

  • Analysis of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1) - Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza's speed limiter.
  • Books

  • 智能汽车安全攻防大揭秘This book first introduced some basic knowledge of security for automotive R&D personnel, such as encryption and decryption, security authentication, digital signatures, common attack types, and methods. Then it introduced the working principles of some smart cars for security researchers, such as the automotive intranet. Protocol, network architecture, principle of X-By-Wire remote control system, common potential attack surface, etc. Finally, a detailed analysis of some actual automotive attack or security test cases, and defense analysis of the loopholes involved in the case during the analysis process.
  • Oct 4th, 2018

    Sep 19th, 2018

    Applications

  • CANalyzat0rstars639 - A security analysis toolkit for proprietary car protocols.
  • Sep 5th, 2018

    Libraries and Tools

    C

  • dbccstars220 - "dbcc is a program for converting a DBC file primarily into into C code that can serialize and deserialize CAN messages." With existing DBC files from a vehicle, this file allows you to convert them to C code that extracts the CAN messages and properties of the CAN environment.
  • Libraries and Tools

    C++

  • CanCatstars149 - A "swiss-army knife" for interacting with live CAN data. Primary API interface in Python, but written in C++.
  • Libraries and Tools

    Python

  • CanCatstars149 - A "swiss-army knife" for interacting with live CAN data. Primary API interface in Python, but written in C++.
  • Aug 24th, 2018

    Articles

  • Car Hacking on the Cheap - A whitepaper from Chris Valasek and IOActive on hacking your car when you don't have a lot of resources at your disposal.
  • Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
  • Reverse engineering of the Nitro OBD2 - Reverse engineering of CAN diagnostic tools.
  • Presentations

  • How to drift with any car - Introduction to CAN hacking, and using a real car as an Xbox controller.
  • Research Papers

  • Miller and Valasek - Self proclaimed "car hacking the definitive source".
  • Podcasts and Episodes

    Episodes

  • Hackable? - Cars are Computers - Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car.
  • Hardware

  • OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
  • Applications

  • talking-with-carsstars86 - CAN related scripts, and scripts to use a car as a gamepad
  • Jun 17th, 2018

    Books

  • Inside Radio: An Attack and Defense GuideThis book discusses the security issues in a wide range of wireless devices and systems,Chapter 4 433/315MHz Communication (4.3 4.4 4.5 is about car keys Security)
  • Feb 14th, 2018

    Hardware

  • PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
  • Oct 30th, 2017

    Blogs

  • Keen Security Lab Blog - Blog created by Keen Security Lab of Tencent that posts research on car security.
  • Books

  • 2016 Car Hacker's Handbook - Latest version of the Car Hacker's handbook with updated information to hack your own vehicle and learning vehicle security. For a physical copy as well unlimited PDF, MOBI, and EPUB copies of the book, buy it at No Starch Press. Sections are available online here.
  • Oct 29th, 2017

    Oct 25th, 2017

    Articles

  • How to hack a car — a quick crash-course - Car enthusiast Kenny Kuchera illustrates just enough information to get you up and running. An excellent resource for first timers!
  • Oct 22nd, 2017

    Libraries and Tools

    C++

  • High Level ViWi Servicestars12 - High level Volkswagen CAN signaling protocol implementation.
  • Oct 18th, 2017

    Websites

  • Python Security - A website for browsing and buying python-integrated cars having certain vehicular security features.
  • Oct 11th, 2017

    Presentations

  • A Survey of Remote Automotive Attack Surfaces - Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
  • Oct 10th, 2017

    Oct 9th, 2017

    Presentations

  • Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
  • Oct 8th, 2017

    Libraries and Tools

    Python

  • Python-OBDstars761 - A Python module for handling realtime sensor data from OBD-II vehicle ports. Works with ELM327 OBD-II adapters, and is fit for the Raspberry Pi.
  • Oct 7th, 2017

    Articles

  • Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.
  • Books

  • 2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014. You can also buy the book on Amazon here.
  • A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
  • Controller Area Network Prototyping with Arduino - This book guides you through prototyping CAN applications on Arduinos, which can help when working with CAN on your own car.
  • Embedded Networking with CAN and CANopen - From 2003, this book fills in gaps in CAN literature and will educate you further on CAN networks and working with embedded systems.
  • Websites

  • OpenGarages - Provides public access, documentation and tools necessary to understand today's modern vehicle systems.
  • Who to Follow

  • Chris Valasek: Security Lead at UberATC
  • Charlie Miller: Hacked the first Apple iPhone, now does car security.
  • Samy Kamkar: Created MySpace Worm, RollJam, OwnStar.
  • Justin Seitz: Author of Black Hat Python (No Starch Press).
  • Troy Hunt: Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Creator of haveibeenpwned.
  • Podcasts and Episodes

    Podcasts

  • Security Weekly - Excellent podcast covering all ranges of security, with some episodes focusing portions on vehicle security from cars to drones.
  • Podcasts and Episodes

    Episodes

  • Car Hacking with Craig Smith - Software Engineering Daily did an amazing episode with Craig Smith, author of the Car Hacking Handbook (above), on hacking into vehicles.
  • Hardware

  • Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
  • ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
  • Applications

  • Wireshark - WireShark can be used for reversing CAN communications.
  • Intrepid Tools - Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • OpenXC - Currently, OpenXC works with Python and Android, with libraries provided to get started.
  • openpilotstars35.2k - openpilot is an open source driving agent that performs the functions of Adaptive Cruise Control (ACC) and Lane Keeping Assist System (LKAS) for Hondas and Acuras.
  • Libraries and Tools

    Python

  • CANardstars482 - A Python framework for Controller Area Network applications.
  • Oct 6th, 2017

    Presentations

  • "Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
  • Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
  • Oct 4th, 2017

    Articles

  • Car Hacking: The definitive source - Charlie Miller and Chris Valasek publish all tools, data, research notes, and papers for everyone for free
  • Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
  • Aug 27th, 2017

    Presentations

  • Car Hacking Videos - A web page with a long list of videos (40+) that are available online related to the topic of car hacking. From a 2007 DEF CON talk on modding engine ECUS and onwards (e.g. the 2017 Keen Security Tesla hack).
  • Aug 6th, 2017

    Presentations

  • State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
  • State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
  • How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
  • Research Papers

  • 5-Star Automotive Cyber Safety Framework, 2015
  • Websites

  • I Am The Cavalry - Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars. Participation from security researchers, OEMs, Tier 1s, and many others. Published Automotive 5-Star Cyber Safety Framework.
  • Conferences

  • U.S. Automotve Cyber Security Summit European Automotive Cyber Security Summit - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
  • escar conference - Embedded security in cars. European event has run for over 10 years, and they now have US and Asia events.
  • IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
  • Who to Follow

  • I Am The Cavalry: Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars.
  • Coordinated disclosure

  • General Motors on HackerOne - Coordinated disclosure submissions accepted
  • Fiat Chrysler Automobiles on Bugcrowd - Coordinated disclosure submissions accepted, paid bounties offered
  • Tesla Motors on Bugcrowd - Coordinated disclosure submissions accepted, paid bounties offered
  • Jul 19th, 2017

    Presentations

  • Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
  • Applications

  • Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
  • mazda_getInfostars138 - A PoC that the USB port is an attack surface for a Mazda car's infotainment system and how Mazda hacks are made (known bug in the CMU).
  • Jul 15th, 2017

    Presentations

  • A Platform base on Visualization for Protecting CAN Bus Security - Syscan360 2016 SH talk by Jianhao Liu
  • Gateway Internals of Tesla Motors - Zeronights 2016 talk by Nie Seng and Liu Ling
  • Mar 1st, 2017

    Hardware

  • Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
  • Feb 11th, 2017

    Applications

  • metasploit - The popular metasploit framework now supports Hardware Bridge sessions, that extend the framework's capabilites onto hardware devices such as socketcan and SDR radios.
  • Feb 2nd, 2017

    Courses

  • Udacity's Self Driving Car Engineer Coursestars5.9k - The content for Udacity's self driving car software engineer course. The actual course on Udacity's website is here.
  • Applications

  • openalprstars10.5k - An open source Automatic License Plate Recognition library written in C++ with bindings in C#, Java, Node.js, Go, and Python.
  • Projects

  • Open Source Car Control Projectstars919 - The Open Source Car Control Project is a hardware and software project detailing the conversion of a late model vehicle into an autonomous driving research and development vehicle.
  • Open Vehicle Monitoring Systemstars257 - A community project building a hardware module for your car, a server to talk to it, and a mobile app to talk to the server, in order to allow developers and enthusiasts to add more functionality to their car and control it remotely.
  • Oct 24th, 2016

    Websites

  • canbushack: Hack Your Car - course on Vehicle Hacking methodology.
  • Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
  • Podcasts and Episodes

    Podcasts

  • SANS Internet Storm Center - the ISC run a regular podcast going into the latest vulnerabilities and security news.
  • Articles

  • Developments in Car Hacking - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.
  • Presentations

  • Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of Pen Test Partners
  • Who to Follow

  • Ken Munro: British researcher, works at Pen Test Partners; major interest in vehicle security
  • Pen Test Partners: British penetration testing firm; several posts concern their disclosed car security vulns
  • Oct 3rd, 2016

    Presentations

  • Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
  • Sep 22nd, 2016

    Hardware

  • USBtin - USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
  • CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
  • CANSPY - A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
  • CANBadger - A tool for reverse-engineering and testing automotive systems. The CANBadger consists of both hardware and software. The main interface is a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for peripherals and the ethernet port.
  • Applications

  • BUSMASTER -An Open Source tool to simulate, analyze and test data bus systems such as CAN, LIN, FlexRay.
  • CANToolzstars300 - CANToolz is a framework for analysing CAN networks and devices. It is based on several modules which can be assembled in a pipeline.
  • Sep 7th, 2016

    Hardware

  • Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
  • Sep 6th, 2016

    Libraries and Tools

    C

  • vircarstars126 - a Virtual car userspace that sends CAN messages based on SocketCAN
  • Libraries and Tools

    Go

  • CAN Simulatorstars55 - A Go based CAN simulator for the Raspberry Pi to be used with PiCAN2 or the open source CAN Simulator boardstars153
  • Jul 29th, 2016

    Articles

  • Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
  • IOActive's Tools and Data - Chris Valasek and Charlie Miller release some of their tools and data for hacking into vehicles in an effort to get more people into vehicle security research.
  • Anatomy of the Rolljam Wireless Car Hack - Overview of the RollJam rolling code exploitation device.
  • Who to Follow

  • OpenGarages: Initiative to created Vehicle Research Labs around the world.
  • Hackaday: Collaborative project hosting for hackers - there are frequently car projects on here.
  • Libraries and Tools

    Python

  • Caring Cariboustars414 - Intended to be the nmap of vehicle security.
  • Python-CAN - Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.
  • Companies and Jobs

  • UberATC - Uber Advanced Technologies Center - [email protected].
  • Presentations

  • Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
  • Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
  • "Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
  • Libraries and Tools

    C

  • SocketCAN Utilsstars1.6k - Userspace utilites for SocketCAN on Linux.
  • Libraries and Tools

    JavaScript

  • NodeJS extension to SocketCANstars180 - Allows you to communicate over CAN networks with simple JavaScript functions.
  • Jul 28th, 2016

    Hardware

  • ChipWhisperer - A system for side-channel attacks, such as power analysis and clock glitching.
  • CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
  • Freematics OBD-II Telematics Kit - Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
  • GoodThopter12 - Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
  • USB2CAN - Cheap USB to CAN connector that will register a device on linux that you can use to get data from a CAN network.
  • Intrepid Tools - Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • Red Pitaya - Replaces expensive measurement tools such as oscilloscopes, signal generators, and spectrum analyzers. Red Pitaya has LabView and Matlab interfaces, and you can write your own tools and applications for it. It even supports extensions for things like Arduino shields.
  • HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
  • Articles

  • Tesla hackers explain how they did it at Defcon - Overview of DEFCON 23 presentation on hacking into Tesla cars.
  • Podcasts and Episodes

    Podcasts

  • Security Ledger - A podcast focusing on interviewing security experts about topics related to security.
  • TrustedSec Podcast - From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
  • Podcasts and Episodes

    Episodes

  • Big Bugs Podcast Episode 1: Auto Bugs - Critical Vulns found in Cars with Jason Haddix - Jason Haddix explores major vulnerabilities found in cars.
  • Hacking Under the Hood and Into Your Car - Chris Valasek and Charlie Miller discuss with NPR how they were able to hack into vehicles.
  • Hacking Connected Vehicles with Chris Valasek of IOActive - Chris Valasek talks about hacking into connected vehicles.
  • Companies and Jobs

  • Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
  • Intrepid Control Systems - Embedded security company building tools for reversing vehicles.
  • Rapid7 - Rapid7 does work in information, computer, and embedded security.
  • IOActive - Security consulting firm that does work on pentesting hardware and embedded systems.
  • Websites

  • OWASP Internet of Things Project - OWASP's project to secure IoT, from cars to medical devices and beyond.
  • DEFCON Car Hacking Village - Car Hacking exercises from DEFCON 24.
  • Libraries and Tools

    Go

  • CANNiBUSstars96 - A Go server that allows a room full of researchers to simultaneously work on the same vehicle, whether for instructional purposes or team reversing sessions.
  • Applications

  • O2OO - Works with the ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data. You can connect this to your car and have it map out using Google Maps KML data where you drive.
  • Kayak - Java application for CAN bus diagnosis and monitoring.
  • UDSimstars202 - GUI tool that can monitor a CAN bus and automatically learn the devices attached to it by watching communications.
  • RomRaider - An open source tuning suite for the Subaru engine control unit that lets you view and log data and tune the ECU.
  • Libraries and Tools

    Python

  • c0fstars74 - A fingerprinting tool for CAN communications that can be used to find a specific signal on a CAN network when testing interactions with a vehicle.
  • Other Awesome Lists

  • Security
  • Meta
  • Last Checked At: 2022-06-24T18:48:04.374Z
    Previous
    meirwah/awesome-incident-response
    Next
    qazbnm456/awesome-web-security

    About

    Track your favorite github awesome repo, not just star it. trackawesomelist.com provides website, newsletter, RSS for tracking the popular awesome list by daily and weekly.
    Contact us: [email protected]
    Track Awesome List - Track your favorite Github awesome repos, not just star them | Product Hunt

    Subscribe

    Subscribe to our weekly newsletter to receive the awesome updates! We never send spam and you can unsubscribe instantly with one click. Here's past issues.

    Links

    Follow us on TwitterSubscribe us on TelegramSubmit awesome list repoNewsletterDonateSitemap