Last updated: October 12, 2016
If you think that shiny new car is invulnerable to attack from a hacker, witness the recent high-profile vulnerability of Nissan's electric Leaf cars that could allow outsiders to take control of its electronics. In fact, every car-bound computer, regardless of whether it's for music, engine control or navigation, is a potential back door for someone to get in and take over your vehicle. The Car Hacker's Handbook, by Craig Smith is an excellent resource that describes the problem, presents solutions and deserves a place next to your Chilton repair manuals.
Smith's expertise is in security which shows with detailed descriptions of threats that today's (and tomorrow's) vehicles face. His approach is borrowed from network security experts: probe and test defenses to know where an attack is most likely to occur.
I was looking for a complete description of the different avenues of attack that a modern car needs to be defended against. The Car Hacker's Handbook delivers with rich array of descriptions of the specs, tools and potential hacks, such as both front-door, such as via the On-Board Diagnostics (OBD) and back-door attacks by interrogating the individual components one at a time.
In addition to instructions for different levels of protection, plus appraisals of outside threats, Smith's book explains how bus protocols work and how components talk to each other. Finally, the title culminates with chapters on how to tap into a car's diagnostics, reverse engineering the Controller Area Network (CAN) bus, and includes a forward-looking section about upcoming car-to-car communications.
Smith's book is definitely not the for the car or computer novice. He talks extensively about software tools you'll need, plus code samples. The book also includes advice on staying a step ahead of a hacker by shrinking an attack so that it can fit into the limited memory space of the car's computer. That's not for the Sunday driver to tackle.
The most interesting part of the book is Smith's chapter on electronic performance tuning. Here, and in a couple other chapters, Craig had help from car-tuner Dave Blundell of Moates.net, a source for performance parts. Together, they outline the pros and cons of trying to squeeze more horsepower out of the engine by changing the code in the Engine Control Unit (ECU) as well as the vehicle's Electronic Programmable Read-Only Memory or Read-Only modules (EPROM and ROM).
Along the way, Smith deftly describes and defines everything that an automotive hacker needs and provides a nice glossary of terms and abbreviations at the end. My only criticism? The book was printed in black when colors could have helped with illustrations of some of the instructions.
Rather than an afterthought, security is front and center with The Car Hacker's Handbook. Anyone interested in electronically breaking into cars, or ideally thwarting such intrusions, should consider cracking into Smith's book first.
by Craig Smith
No Starch Press; 304 pages