Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

AVS-awesome-vehicle-security-

UNA LISTA SELECCIONADA DE RECURSOS PARA AUTOMOVIL
https://github.com/TheRipperJhon/AVS-awesome-vehicle-security-

Last synced: 2 days ago
JSON representation

Articles
- Stopping a Jeep Cherokee on the Highway Remotely - Chris Valasek's and Charlie Miller's pivotal research on hacking into Jeep's presented at DEFCON in 2015.
- Troy Hunt on Controlling Nissans - Troy Hunt goes into controlling Nissan vehicles.
- Researchers tackle autonomous vehicle security - Texas A&M researchers develop intelligence system prototype.
- How big data will impact car security in the proximate future: Concerns and solutions - Impact of big data on car security.
- Car Hacking on the cheap - Craig Smith wrote a brief article on working with Metasploit’s HWBrige using ELM327 Bluetooth dongle
- Developments in Car Hacking - via the SANS Reading Room, Currie's paper analyses the risks and perils of smart vehicle technology.
- Anatomy of the Rolljam Wireless Car Hack - Overview of the RollJam rolling code exploitation device.
Research Papers
Presentations
- "Hopping on the CAN Bus" from BlackHat Asia 2015 - A talk from BlackHat Asia 2015 that aims to enable the audience to "gain an understanding of automotive systems, but will also have the tools to attack them".
- "Drive It Like You Hacked It" from DEFCON 23 - A talk and slides from Samy Kamkar's DEFCON 23/2015 talk that includes hacking garages, exploiting automotive mobile apps, and breaking rolling codes to unlock any vehicle with low cost tools.
- Samy Kamkar on Hacking Vehicles with OnStar - Samy Kamkar, the prolific hacker behind the Samy worm on MySpace, explores hacking into vehicles with OnStar systems.
- Remote Exploitation of an Unaltered Passenger Vehicle - DEFCON 23 talk Chris Valasek and Charlie Miller give their now famous talk on hacking into a Jeep remotely and stopping it dead in its tracks.
- Adventures in Automotive Networks and Control Units - DEFCON 21 talk by Chris Valasek and Charlie Miller on automotive networks.
- Can You Trust Autonomous Vehicles? - DEFCON 24 talk by Jianhao Liu, Chen Yan, Wenyuan Xu
- Ken Munro & Dave Lodge - Hacking the Mitsubishi Outlander & IOT - talk from BSides Manchester 2016 by Ken and Dave of [Pen Test Partners](#who-to-follow)
- A Platform base on Visualization for Protecting CAN Bus Security - Syscan360 2016 SH talk by Jianhao Liu
- Gateway Internals of Tesla Motors - Zeronights 2016 talk by Nie Seng and Liu Ling
- Car Hacking 101 - Bugcrowd LevelUp 2017 by Alan Mond
- State of Automotive Cyber Safety, 2015 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2015.
- State of Automotive Cyber Safety, 2016 - State of automotive hacking, policy, industry changes, etc. from I Am The Cavalry track at BSides Las Vegas, 2016.
- How to Hack a Tesla Model S - DEF CON 23 talk by Marc Rogers and Kevin Mahaffey on hacking a Tesla. Tesla Co-Founder and CTO, JB Straubel, joins them to thank them and present a challenge coin.
- Self-Driving and Connected Cars: Fooling Sensors and Tracking Drivers - Black Hat talk by Jonathan Petit. Automated and connected vehicles are the next evolution in transportation and will improve safety, traffic efficiency and driving experience. This talk will be divided in two parts: 1) security of autonomous automated vehicles and 2) privacy of connected vehicles. 2015
- A Survey of Remote Automotive Attack Surfaces - Black Hat talk By Charlie Miller and Chris Valasek. Automotive security concerns have gone from the fringe to the mainstream with security researchers showing the susceptibility of the modern vehicle to local and remote attacks. Discussion of vehicle attack surfaces. 2014.
- Pentesting vehicles with YACHT (Yet Another Car Hacking Tool) - A presentation that discuesses different attack surfaces of a vehicle, then continues to describe an approach to car hacking along with tools needed to analyse and gather useful information.
Books
- 2014 Car Hacker's Handbook - Free guide to hacking vehicles from 2014. You can also buy the book on Amazon [here](https://www.amazon.com/Car-Hackers-Manual-Craig-Smith/dp/0990490106?ie=UTF8&keywords=2014%20car%20hacker%27s%20manual&qid=1405445024&ref_=sr_1_1&sr=8-1).
- 2016 Car Hacker's Handbook - Latest version of the Car Hacker's handbook with updated information to hack your own vehicle and learning vehicle security. For a physical copy as well unlimited PDF, MOBI, and EPUB copies of the book, buy it at [No Starch Press](https://www.nostarch.com/carhacking). Sections are available online [here](https://books.google.com/books?id=Ao_QCwAAQBAJ&lpg=PP1&dq=car%20hacking&pg=PP1#v=onepage&q&f=false).
- A Comprehensible Guide to Controller Area Network - An older book from 2005, but still a comprehensive guide on CAN buses and networking in vehicles.
Blogs
- Keen Security Lab Blog - Blog created by Keen Security Lab of Tencent that posts research on car security.
Websites
- Carloop Community - Community of people interested in car hacking and connecting vehicles to the cloud.
- canbushack: Hack Your Car - course on Vehicle Hacking methodology.
Conferences
- U.S. Automotve Cyber Security Summit - cyber-security.iqpc.de/) - Conference series dedicated to automotive cyber security involving many OEMs, Tier 1s, academics, consultants, etc.
- escar conference - Embedded security in cars. European event has run for over 10 years, and they now have US and Asia events.
- IT Security for Vehicles - Conference run by the Association of German Engineers (VDI), with participation from US and European OEMs, Tier 1s, and others.
Who to Follow
- Twitter
- Twitter
- Twitter
- Website
- Twitter
- haveibeenpwned
- Twitter
- Website
- Twitter
- Twitter
- Twitter
- Twitter
- Twitter
- Website
Podcasts and Episodes
- Podcasts
  - TrustedSec Podcast - From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
  - SANS Internet Storm Center - the ISC run a regular podcast going into the latest vulnerabilities and security news.
  - Security Ledger - A podcast focusing on interviewing security experts about topics related to security.
- Episodes
  - Hacking Connected Vehicles with Chris Valasek of IOActive - Chris Valasek talks about hacking into connected vehicles.
  - Arduino - Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
  - ChuangZhou CAN-Bus Shield
  - SparkFun CAN-BUS Shield
  - ELM327 - The de facto chipset that's very cheap and can be used to connect to CAN devices.
  - HackerSDR - A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
  - Carloop - Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
  - CANSPY - A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
  - CANBus Triple - General purpose Controller Area Network swiss army knife and development platform.
  - OpenXC - OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.
  - Macchina M2 - Macchina 2.0 is a complete overhaul of our 1.X generation of Macchina. The goals are still the same: Create an easy-to-use, fully-open, and super-compatible automotive interface.
  - PandwaRF - PandwaRF is a pocket-sized, portable RF analysis tool operating the sub-1 GHz range. It allows the capture, analysis and re-transmission of RF via an Android device or a Linux PC. Capture any data in ASK/OOK/MSK/2-FSK/GFSK modulation from the 300-928 MHz band.
  - CANtact - "The Open Source Car Tool" designed to help you hack your car. You can buy one or make your own following the guide here.
  - Hackable? - Cars are Computers - Geoff Siskind paired up with Craig Smith, author of The Car Hacker’s Handbook, to show us just how easy – or not – it is to hack a car.
  - This article
Applications
- Episodes
  - Wireshark - WireShark can be used for reversing CAN communications.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - OpenXC - Currently, OpenXC works with `Python` and `Android`, with libraries provided to get started.
  - metasploit - The popular metasploit framework now supports Hardware Bridge sessions, that extend the framework's capabilites onto hardware devices such as socketcan and SDR radios.
  - Mazda AIO Tweaks - All-in-one installer/uninstaller for many available Mazda MZD Infotainment System tweaks.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
  - Kayak - Java application for CAN bus diagnosis and monitoring.
Libraries and Tools
- Python
  - Python-CAN - Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.
- JavaScript
  - UberATC - Uber Advanced Technologies Center - <[email protected]>.
  - Tesla - Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
  - Rapid7 - Rapid7 does work in information, computer, and embedded security.
Coordinated disclosure
- JavaScript
  - General Motors - Coordinated disclosure submissions accepted
  - Fiat Chrysler Automobiles - Coordinated disclosure submissions accepted, paid bounties offered
  - Tesla Motors - Coordinated disclosure submissions accepted, paid bounties offered
  - Application Security
  - Security
  - Capture the Flag
  - Malware Analysis
  - Android Security
  - Hacking
  - Honeypots
  - Incident Response

Programming Languages

Rust 1 Python 1 Shell 1 JavaScript 1 PHP 1

Ecosyste.ms: Awesome

AVS-awesome-vehicle-security-

Articles

Research Papers

Presentations

Books

Blogs

Websites

Conferences

Who to Follow

Podcasts and Episodes

Podcasts

Episodes

Applications

Episodes

Libraries and Tools

Python

JavaScript

Coordinated disclosure

JavaScript