awesome-vehicle-security
🚗 A curated list of resources for learning about vehicle security and car hacking.
https://github.com/jaredthecoder/awesome-vehicle-security
Last synced: 6 days ago
JSON representation
-
Presentations
- FREE-FALL: HACKING TESLA FROM WIRELESS TO CAN BUS - Zeronights 2016 and later BlackHat talk by Sen Nie, Ling Liu, and Yuefeng Du from Tencent and KEEN Security lab
- TR22: UDS Fuzzing and the Path to Game Over - UDS diagnostics protocol fuzzing methodology, presented as a result of numerous penetration testing projects in the automotive industry, with real world exploitation PoCs, presented during Troopers Conference 2022.
- CCC - Horror Stories From the Automotive Industry - Horrifying examples of common vulnerabilities in the automotive industry, result of more than 100 penetration tests targeting Tier 1 suppliers and OEMs, with ultimate goal to raise awareness on the current state of automotive security. Additionally, PoC of automated week seed randomness exploitation in automotive components, by using a battery isolator in heavy-duty vehicles and the UDS protocol, for complete compromise of a target. Presented in Chaos Communication Camp, DeepSec 2023 and Troopers Conference 23.
- Car Hacking Scene in the PH: How Far We've Come - Car Hacking Village PH presents their first attempt on the main tracks for ROOTCON. This is a rundown of CHVPH's past security research to current research - from hacking infotainment systems to CAN Bus protocols and a summary of cars available in the Philippines which are susceptible to car thefts.
- Analysis of an In-vehicular network: From CAN bus to infotainment - This talk will feature Div0 CSQ’s 3 test benches as they explore more features on Connected vehicles. This was presented in ROOTCON 17 Car Hacking Village.
- An overview of Automotive Defensive Engineering - This talk is for car hackers to learn about modern defense measures being added to ECUs and Vehicle Architectures. This was presented in ROOTCON 17 Car Hacking Village.
- Hacking Back Your Car - Kamel Ghali's talk on ROOTCON 17 about how an attacker's perspective on hacking a car and origins of such attacks, how they've been used in different countries over the years, and explore the technical details of what makes such an attack possible.
- TR23: V2GEvil: Ghost in the wires - This research is dedicated to enhancing the cybersecurity of electric vehicles, with a specific focus on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC), and an introduction to the tool V2GEvil. Accessible through the On-Board Charging (OBC) port, makes this attack vector really important for the security of future vehicles.
- DEF CON CHV - V2GEvil: Ghost in the wires - Shortened and summarized version of the talk V2GEvil: Ghost in the wires, from the DEF CON 32 Car Hacking Village, by Pavel Khunt and Thomas Sermpinis.
- The hack, the crash and two smoking barrels. (And all the times I (almost) killed an engineer.) - Thomas Sermpinis goes through the process of responsibly disclosing findings affecting the Blind Spot Detection Sensor of a current MY vehicle from one of the biggest OEMs in the world, leading to accusations that he was collaborating with hostile nations by the OEM. A story about how automotive manufacturers are treating the security industry, where are we heading, and how to be better, on the stage of DEF CON 32.
- Remote Exploitation of Honda Cars - The Honda Connect app used by Honda City 5th generation used weak security mechanisms in its APIs for access control which would allow a malicious user to perform actions like starting the car, locking/unlocking car etc. remotely by interacting with it's Telematics Control Unit (TCU)
-
Research Papers
- Miller and Valasek - Self proclaimed "car hacking the definitive source".
- Koscher et al. Experimental Security Analysis of a Modern Automobile, 2010
- Adventures in Automotive Networks and Control Units (aka car hacking)
- Car Hacking for Poories
- A Survey of Remote Automotive Attack Surfaces, 2014
- Remote Compromise of an Unaltered Passenger Vehicle (aka The Jeep Hack), 2015
- Advanced CAN Message Injection, 2016
- 5-Star Automotive Cyber Safety Framework, 2015
- A Vulnerability in Modern Automotive Standards and How We Exploited It
- Automobile Driver Fingerprinting, 2016
- Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, 2016
- The Connected Car - Ways to get unauthorized access and potential implications, 2018
- CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data
- Time-Based CAN Intrusion Detection Benchmark
- Addressing the Lack of Comparability & Testing in CAN Intrusion Detection Research: A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset
- A Car Hacking Experiment: When Connectivity Meets Vulnerability
- Security issues and vulnerabilities in connected car systems
- Intrusion detection system based on the analysis of time intervals of CAN messages for in-vehicle network, 2016
- A Car Hacking Experiment: When Connectivity Meets Vulnerability
- Security issues and vulnerabilities in connected car systems
- Modeling Inter-Signal Arrival Times for Accurate Detection of CAN Bus Signal Injection Attacks
- On the Insecurity of Vehicles Against Protocol-Level Bluetooth Threats
- Pavel, K. Vehicle On-Board Charging Security Scanner, 2024
- Remote Compromise of an Unaltered Passenger Vehicle (aka The Jeep Hack), 2015
- Adventures in Automotive Networks and Control Units (aka car hacking)
- CAN-D: A Modular Four-Step Pipeline for Comprehensively Decoding Controller Area Network Data
- Car Hacking for Poories
- A Survey of Remote Automotive Attack Surfaces, 2014
- Time-Based CAN Intrusion Detection Benchmark
- Addressing the Lack of Comparability & Testing in CAN Intrusion Detection Research: A Comprehensive Guide to CAN IDS Data & Introduction of the ROAD Dataset
- Advanced CAN Message Injection, 2016
-
Uncategorized
-
Websites
- Automotive Security Research Group - The Automotive Security Research Group (ASRG) is a non-profit initiative to promote the development of security solutions for automotive products.
- canbushack: Hack Your Car - course on Vehicle Hacking methodology.
- I Am The Cavalry - Global grassroots (eg. volunteer) initiative focused on the intersection of security and human life/public safety issues, such as cars. Participation from security researchers, OEMs, Tier 1s, and many others. Published [Automotive 5-Star Cyber Safety Framework](https://iamthecavalry.org/5star).
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- Python Security - A website for browsing and buying python-integrated cars having certain vehicular security features.
- NIST Automotive Cybersecurity Community of Interest - NIST, the organization behind the NVD CVE database and modern cryptographic standards, runs a Community of Interest group for Automotive Cybersecurity that seeks to "provide a way for NIST to facilitate the discussions and receive comments and feedback from the automotive industry, academia, and government.".
- OpenGarages - Provides public access, documentation and tools necessary to understand today's modern vehicle systems.
- canbushack: Hack Your Car - course on Vehicle Hacking methodology.
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- Python Security - A website for browsing and buying python-integrated cars having certain vehicular security features.
-
Who to Follow
Programming Languages
Categories
Sub Categories
Keywords
awesome
10
awesome-list
9
security
6
automotive
6
can-bus
6
can
4
list
4
slcan
3
canbus
3
python
3
car-hacking
3
automotive-security
3
bus-monitoring
2
dbc
2
arduino
2
resources
2
logger
2
obd2
2
lawicel
2
socketcan
2
embedded
2
lists
2
elm327
1
industrial-automation
1
j2534
1
linux
1
robotics
1
canutils
1
driver-assistance-systems
1
advanced-driver-assistance-systems
1
unicorns
1
can-fd
1
incident-response-tooling
1
incident-response
1
application-security
1
curated
1
owasp
1
reading-list
1
security-experts
1
ctf
1
penetration
1
analysis-framework
1
automated-analysis
1
chinese
1
chinese-translation
1
domain-analysis
1
drop-ice
1
dynamic-analysis
1
malware-analysis
1
malware-collection
1