Book Spotlight: ‘The Car Hacker’s Handbook’ by Craig Smith
As vehicles continue to become increasingly integrated with internal computers, especially with the advent of connected and autonomous tech, on-board electronics are becoming more and more influential. Because of that, they’re becoming bigger and bigger targets for hackers looking to jeopardize the safety and security of cars.
Just last year, hackers were able to take control of a Jeep, wrestling steering and acceleration away from the driver and sending it into a ditch. Other automakers have had their issues, many of them stemming from the increased used of mobile phone apps to access a car’s basic functions. New threats pop up quickly, and security experts scramble to squash them.
As a precaution to guard against digital attacks and protect the security of your car’s system, security auditing expert Craig Smith of Theia Labs has written a book to help users identify and safeguard from potential threats. The Car Hacker’s Handbook offers information on IT infrastructure auditing along with common tricks users should know about.
The Car Hacker’s Handbook:
A Guide for the Penetration Tester by Craig Smith
Product Details: Softcover, 304 pages, 7.0 x 9.2 inches
Price: $49.95 or $39.95 as eBook
Publication Date: March 2016
Publisher: No Starch Press
Dangerous Security Threats: See how hackers took control of this Jeep
Craig Smith’s A Car Hacker’s Handbook is a detailed computer security guide to inform tech-savvy users on how a vehicle’s communication network works and how it can be hacked. The book contains much of the information–plus much, much more–from the 2014 publication from the Open Garages research project. It covers a wide range of topics, from building threat models to reverse engineering to overriding factory settings.
The handbook contains 13 chapters sorted by system aspects and tasks:
Chapter 1: Understanding Threat Models
Chapter 2: Bus Protocols
Chapter 3: Vehicle Communication with SocketCAN
Chapter 4: Diagnostics and Logging
Chapter 5: Reverse Engineering the CAN Bus
Chapter 6: ECU Hacking
Chapter 7: Building and Using ECU Test Benches
Chapter 8: Attacking ECUs and Other Embedded Systems
Chapter 9: In-Vehicle Infotainment Systems
Chapter 10: Vehicle-to-Vehicle Communication
Chapter 11: Weaponizing CAN Findings
Chapter 12: Attacking Wireless Systems with SDR
Chapter 13: Performance Tuning
Appendix A: Tools of the Trade
Appendix B: Diagnostic Code Modes and PIDs
Appendix C: Creating Your Own Open Garage
The Car Hacker’s Handbook print version comes in a soft but durable cover with lay-flat binding that keeps the book from closing when you lay it down. It’s a solid book that will withstand wear and tear, whether in your garage or computer lab. Inside, the book contains detailed Table of Contents and Index pages, plus numerous headers and screenshots throughout the text that make identification easy.
Is Your Car Secure? This Corvette was hacked with a simple tracking device
When I first received The Car Hacker’s Handbook by Craig Smith in the mail, I’ll admit to being a bit leery. Is this the equivalent of having a copy of a bomb-making guide delivered to your house? The word “hacker” has such a negative connotation in our world today, with everyone worrying that there is someone lurking in the shadows of every website, waiting to steal your personal information. Even when I carried it home to look it over, I kept it hidden in its shipping envelope, as if to tell the world that I only have a book about hacking; I am not a hacker myself.
We might rush to label all hackers as bad, but you have to remember that many of the most famous car hackers turned in their research to manufacturers to make our cars safer. That’s why The Car Hacker’s Handbook was published.
When you first look at The Car Hacker’s Handbook, the title will throw you off. After I cracked the cover, I began to see it less as a guide to malicious behavior and more as a way to teach drivers how to investigate their own cars to find security flaws. OEMs build what they know, which are cars. Complex computers and new levels of connectivity expose cars to threats they have never had to worry about before. Craig Smith’s guide allows the more tech-savvy among us to learn how these systems work and then use it to their advantage, modifying code for better performance. It also teaches them what to do to protect their cars.
I’ll admit to not being technical enough to run any of the codes and tests in this book, but my mechanical engineer brother understood it all when I let him take a look at it. So, this certainly isn’t a book for beginners, but instead is a detailed, valuable guide for those with code experience. If you are a serious car nut who regularly tinkers around, love problem-solving codes, or are concerned about security, pick up this guide and give the tricks inside a try. It could have a significant impact on your security in the long run.
The Car Hacker’s Handbook is available through the publisher’s website (get 30% off with the code CARHACKERS), as well as Amazon, Barnes and Noble, Book Depository, Google Play, and other online retailers.
Product provided for review by publisher.
A Dayton native, Rebecca got her start blogging at the curiously named Harlac’s Tongue while studying abroad in the UK. She loves tooling around town with her Ford Focus named Jerome to the song they’re playing on the radio. On any given weekend, you can find her with her camera at area festivals, concerts, and car shows, shopping at flea markets, or taking an adventure on the open road. See more articles by Rebecca.