Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
awesome-vehicle-security
A curated list of resources for learning about vehicle security and car hacking.
https://github.com/eric-erki/awesome-vehicle-security
Last synced: 4 days ago
-
Applications
-
Episodes
- Kayak - Java application for CAN bus diagnosis and monitoring.
- Wireshark - Wireshark can be used for reversing CAN communications.
- OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
- Metasploit - The popular Metasploit framework now supports Hardware Bridge sessions that extend the framework's capabilities onto hardware devices such as SocketCAN and SDR radios.
- Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
-
-
Podcasts and Episodes
-
Podcasts
- TrustedSec Podcast - From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
- SANS Internet Storm Center - The ISC runs a regular podcast covering the latest vulnerabilities and security news.
- Security Ledger - A podcast focusing on interviewing security experts about topics related to security.
-
Episodes
- Hacking Connected Vehicles with Chris Valasek of IOActive - Chris Valasek talks about hacking into connected vehicles.
- Hackable? - Cars are Computers - Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car.
-
-
Miscellaneous
-
Episodes
- Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
- ChuangZhou CAN-Bus Shield
- SparkFun CAN-BUS Shield
- ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
- OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
- Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
- PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating in the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
- HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
- Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
- CANSPY - A platform that lets security auditors audit CAN devices. It can be used to block, forward or modify CAN frames on the fly, autonomously as well as interactively.
- CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
- This article
- CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
-
-
Presentations
- Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
- A Survey of Remote Automotive Attack Surfaces - Black Hat talk by Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
- Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) - A presentation that discusses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
- How to drift with any car - Introduction to CAN hacking, and using a real car as an Xbox controller.
- Car Infotainment Hacking Methodology and Attack Surface Scenario - A guide on how to attack, hunt bugs or hack your IVI by Jay Turla which was presented at the Packet Hacking Village / Wall of Sheep during DEF CON 26.
- "Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
- "Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
- Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
- Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk in which Chris Valasek and Charlie Miller give their now famous presentation on hacking into a Jeep remotely and stopping it dead in its tracks.
- Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
- Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
- Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of [Pen Test Partners](#who-to-follow)
- A Platform base on Visualization for Protecting CAN Bus Security - Syscan360 2016 SH talk by Jianhao Liu
- Gateway Internals of Tesla Motors - Zeronights 2016 talk by Nie Seng and Liu Ling
- Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
- State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
- State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
- How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
-
Books
- 2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014. You can also buy the book on Amazon [here](https://www.amazon.com/Car-Hackers-Manual-Craig-Smith/dp/0990490106?ie=UTF8&keywords=2014%20car%20hacker%27s%20manual&qid=1405445024&ref_=sr_1_1&sr=8-1).
- 2016 Car Hacker's Handbook - Latest version of the Car Hacker's Handbook, with updated information for hacking your own vehicle and learning vehicle security. For a physical copy as well as unlimited PDF, MOBI, and EPUB copies of the book, buy it at [No Starch Press](https://www.nostarch.com/carhacking). Sections are available online [here](https://books.google.com/books?id=Ao_QCwAAQBAJ&lpg=PP1&dq=car%20hacking&pg=PP1#v=onepage&q&f=false).
- 智能汽车安全攻防大揭秘 - By-Wire remote control system, common potential attack surface, etc. Finally, a detailed analysis of some actual automotive attack or security test cases, and defense analysis of the loopholes involved in the case during the analysis process.
- Inside Radio: An Attack and Defense Guide
- A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
-
Research Papers
-
Blogs
- Keen Security Lab Blog - Blog created by Keen Security Lab of Tencent that posts research on car security.
-
Websites
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- canbushack: Hack Your Car - course on Vehicle Hacking methodology.
-
Conferences
- U.S. Automotive Cyber Security Summit - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
- escar conference - Embedded security in cars. European event has run for over 10 years, and they now have US and Asia events.
- IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
-
Who to Follow
-
Libraries and Tools
-
Python
- Python-CAN - Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.
-
JavaScript
- UberATC - Uber Advanced Technologies Center.
- Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
- Rapid7 - Rapid7 does work in information, computer, and embedded security.
-
-
Coordinated disclosure
-
JavaScript
- General Motors - Coordinated disclosure submissions accepted
- Fiat Chrysler Automobiles - Coordinated disclosure submissions accepted, paid bounties offered
- Tesla Motors - Coordinated disclosure submissions accepted, paid bounties offered
- Application Security
- Security
- Capture the Flag
- Malware Analysis
- Android Security
- Hacking
- Honeypots
- Incident Response
-
-
Articles
- Anatomy of the Rolljam Wireless Car Hack - Overview of the RollJam rolling code exploitation device.
- Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeeps, presented at DEFCON in 2015.
- Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
- Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBridge using an ELM327 Bluetooth dongle.
- Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
- How big data will impact car security in the proximate future: Concerns and solutions - Impact of big data on car security.
- Reverse engineering of the Nitro OBD2 - Reverse engineering of CAN diagnostic tools.
- Analysis of an old Subaru Impreza - Subaru Select Monitor v1 (SSM1) - Digging into an old ECU through an old protocol and disabling a 1997 Subaru Impreza's speed limiter.
- Car Hacking in 30 Minutes or Less - Using VirtualBox and Kali Linux, you can start car hacking using completely free open-source software and tools, including can-utils, ICSim, ScanTool, Wireshark, and tcpdump
- Developments in Car Hacking - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.