- Paperback: 304 pages
- Publisher: No Starch Press; 1 edition (March 1, 2016)
- Language: English
- ISBN-10: 1593277032
- ISBN-13: 978-1593277031
- Product Dimensions: 7.1 x 0.7 x 9.3 inches
- Shipping Weight: 1.2 pounds
- Average Customer Review: 36 customer reviews
Amazon Best Sellers Rank:
#225,022 in Books
- #20 in Books > Engineering & Transportation > Engineering > Electrical & Electronics > Electric Machinery & Motors
- #33 in Books > Engineering & Transportation > Automotive > Repair & Maintenance > Testing & Certification
- #113 in Books > Engineering & Transportation > Engineering > Electrical & Electronics > Circuits
The Car Hacker's Handbook: A Guide for the Penetration Tester 1st Edition
About the Author
Craig Smith runs Theia Labs, a research firm that focuses on security auditing and building hardware and software prototypes. He has worked for several auto manufacturers and provided them with his public research. He is also a founder of the Hive13 hackerspace and OpenGarages.org. Craig is a frequent speaker on car hacking and has run workshops at RSA, DEF CON, and other major security conferences.
Top customer reviews
We are in that situation now with vulnerabilities around automobile systems. While researchers have been sued and their findings removed from public view, it’s only a matter of time until there will be widespread hacks against car systems.
In the just released The Car Hacker's Handbook: A Guide for the Penetration Tester, author Craig Smith has written a fascinating book about how connected cars work, and how they can be hacked. The book provides a substantial amount of information about the applications and embedded software that runs the vehicle.
If conference titles are any sort of indicator of the importance of an issue, the recent 2016 RSA Security conference shows the importance of automobile security. The following presentations around auto security were given:
• Collision Investigator: Aftermath of the Auto Hacks (given by author Craig Smith)
• Braking the Connected Car: The Future of Vehicle Vulnerabilities
• Do We Need Cyber-Ratings for the Auto Industry?
• Automobiles are Getting Hacked: What’s Next for Transportation Security?
Adding to the issue is that last week the FBI issued a public service announcement that motor vehicles are increasingly vulnerable to remote exploits. Last week also saw a Tesla Model S hacking keynote during the CeBIT conference.
This is a truly fascinating book showing how connected cars are vulnerable due to poorly written software. As new cars are highly computerized, the underlying security is only as good as it is designed and implemented. Based on that, Smith shows how we are far from that state of secure design and implementation. As detailed in the book, some cars can be hacked with ease. In chapter 9, Smith notes that it is often easy to modify the software as the vendors provide no defense against an attack.
Smith writes that early car systems often had proprietary software systems that made hacking harder. With many manufacturers moving to open systems due to cost savings, many of the initial challenges have been obviated. Newer cars now use Ethernet, VoIP and other open standards and protocols.
At the end of the day, anything with connectivity and software can be hacked. Cars have a lot of software and each year with added functionality and more lines of code, the risks increase.
While the book focuses on new cars, older cars can still be networked via aftermarket additions. So it’s not so farfetched that an Edsel could be hacked.
The book is an outgrowth of Car Hacker's Handbook from the Open Garages project, of which Smith is the founder. Open Garages are Vehicle Research Labs (VRL) centered around understanding the increasingly complex vehicle systems, and they provide the public access, documentation and tools necessary to understand today's modern vehicle systems.
The book provides the reader with a detailed overview of the computer systems and embedded software ubiquitous in today’s new cars. Smith details that vehicles have numerous entry points where a hack can occur: the CAN, infotainment system, engine control unit (ECU) and more.
Smith knows the topic eminently well and the book is a fascinating read. This is a highly technical book. Those with coding experience will find the most value in the book.
In Chapter 1, Smith provides a good overview of the many threats that cars face. He writes of the importance of threat modeling when attempting to design a secure car system. A good reference he does not mention which lends itself quite well to the topic is the definitive guide on the topic, Adam Shostack’s Threat Modeling: Designing for Security.
The early chapters provide a significant amount of technical information around the controller area network (CAN) bus. This is a message-based protocol vehicle bus standard, designed to allow microcontrollers and devices to communicate with each other in applications without a host computer.
Smith provides a number of ways that one can reverse engineer the CAN bus and send fake signals to the systems or engine. While not trivial, these do take programming expertise. But nonetheless, these are far from theoretical.
As history repeats itself, most of the auto manufacturers are focusing more on usability than security. When alerted to the security issues, they will often reply with a generic response that they take security seriously and are continually working to improve the security of their vehicles, including their proprietary vehicle software, as they develop and incorporate even more advanced electronic features into their vehicles. Within that doublespeak is often denial of the bigger picture. That is the scenario that the book addresses.
50 years ago, Ralph Nader wrote Unsafe at Any Speed: The Designed-In Dangers of the American Automobile showing how car manufacturers didn’t put in safety features that were available at the time, and were quite resistant to spending money on improving safety.
Today the situation is the same when it comes to car software. Nader’s book was a wakeup call and it’s hoped that The Car Hacker's Handbook: A Guide for the Penetration Tester will do the same. For those that want to understand what goes on under the hood of the car from a software perspective, this is a most worthwhile read.
I work at a company where I've had to read car bus specs and implement decoders for them. However, that was mostly done without context. This book places all of that in context. As I was reading through the book I kept saying: I wish I'd known that and I wish I'd thought of that. I rarely have that happen reading technical books.
This book isn't going to turn you into a professional hacker, but when you're done reading you'll have a better understanding of how cars really work and how to probe a bit deeper into them. I don't aspire to hack my car. But this book has given me several ideas of things I should try at work.