Ethical hacking. It’s been around for a while and involves really smart and nerdy people legally breaking into computers, devices or networks to help corporations or government entities identify security vulnerabilities in their own systems. Not long ago, ethical hackers began crossing into the automotive industry, allegedly in an effort to alert car manufacturers to potentially dangerous security gaps in their vehicles’ computer systems.
Most of us don’t think twice about how our vehicle’s navigation, Bluetooth or infotainment systems work, much less whether those technologies present some sort of risk to us as we drive to Grandma’s house. But imagine someone actually taking control of one aspect or another of your vehicle as you drive down the highway.
Or—and this is coming—apps installed in your car’s infotainment system with your personal information stored in them, just like your smartphone. You have control of your phone, but your vehicle is a sitting duck.
That’s where Craig Smith’s new book, The Car Hacker’s Handbook: A Guide for the Penetration Tester, comes in. Craig is basically an ethical hacker, working to fully understand vehicle computer systems and identify security loopholes, partly through Open Garages, an organization he founded.
Here’s Craig talking about what he does and why:
A Guide or a Warning?
I’m not one with concerns of microchips in our wrists with black helicopters flying overhead, but vehicle computer systems are already quite sophisticated, and history tells us that where there are computers and networks, there are hackers. So why would anyone publish a guide to help others hack cars? Think of this book as a warning to automobile manufacturers, not a how-to guide.
Yes, The Car Hacker’s Handbook tells us how we could technically reverse engineer the CAN bus to fake engine signals or override certain factory settings with performance-tuning techniques, but we already have legal tuners and even jailbreaking hardware and software for infotainment systems. And as with any public concern, enlightenment generally results in solutions, so this book could actually be considered a $30 security audit for automakers—and that’s a bargain.
This is pretty nerdy stuff, so Craig’s book isn’t for the simple plug-n-play performance seeker. This book talks about hacking vehicle ECUs and embedded systems and building virtual test benches to experiment with various exploits. You can break your car with this stuff and the dealer likely won’t fix it. But for those interested in better understanding the ones-and-zeros behind what is arguably more complex than the engine itself in a vehicle, this book is for you.