Car Hacking
Car Hacking
June 2019
Recommended Citation
Payne, Bryson R. (2019) "Car Hacking: Accessing and Exploiting the CAN Bus Protocol," Journal of
Cybersecurity Education, Research and Practice: Vol. 2019: No. 1, Article 5.
DOI: https://doi.org/10.62915/2472-2707.1045
Available at: https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
This Article is brought to you for free and open access by the Active Journals at DigitalCommons@Kennesaw State
University. It has been accepted for inclusion in Journal of Cybersecurity Education, Research and Practice by an
authorized editor of DigitalCommons@Kennesaw State University. For more information, please contact
[email protected].
Car Hacking: Accessing and Exploiting the CAN Bus Protocol
Abstract
With the rapid adoption of internet-connected and driver-assist technologies, and the spread of semi-
autonomous to self-driving cars on roads worldwide, cybersecurity for smart cars is a timely concern and
one worth exploring both in the classroom and in the real world. Highly publicized hacks against
production cars, and a relatively small number of crashes involving autonomous vehicles, have brought
the issue of securing smart cars to the forefront as a matter of public and individual safety, and the
cybersecurity of these “data centers on wheels” is of greater concern than ever.
However, up to this point there has been a steep learning curve involved in applying cybersecurity
research to car hacking. The purpose of this paper is to present a clear, step-by-step process for creating
a car-hacking research workstation and to give faculty, students, and researchers the ability to implement
car hacking in their own courses and lab environments. This article describes the integration of a module
on car hacking into a semester-long ethical hacking cybersecurity course, including full installation and
setup of all the open-source tools necessary to implement the hands-on labs in similar courses. This work
demonstrates how to test an automobile for vulnerabilities involving replay attacks, and how to reverse-
engineer CAN bus messages, using a combination of open-source tools and a commodity CAN-to-USB
cable or wireless connector for under $100 (USD). Also provided are an introduction to the CAN
(controller area network) bus in modern automobiles and a brief history of car hacking.
Keywords
car hacking, cybersecurity, CAN bus, controller area network, automotive security
INTRODUCTION
Car hacking has been portrayed in popular media as a present danger, even
though relatively few successful proofs of concept have been demonstrated against
production vehicles during normal use on the highway (Miller & Valasek, 2018).
Similarly, autonomous or self-driving cars have logged over a million miles with
fewer accidents than the average human driver (Dixit, Chand & Nair, 2016), but
the few crashes involving autonomous vehicles have been highly publicized, even
when those accidents were caused by human intervention (Banerjee et al., 2018).
With the rapid adoption of internet-connected and driver-assist technologies, and
the spread of semi-autonomous to self-driving cars on roads world-wide,
cybersecurity for smart cars is a timely concern and one worth exploring both in
the classroom and in the real world (Ring, 2015).
Automobile networks are increasingly complex, running on tens of millions of
lines of code (Saracco, 2016), yet they employ decades-old protocols with little to
no security (Bosch, 1991). Furthermore, the tools needed to access these networks
are widely available for free or for very little cost. Unfortunately, the learning curve
necessary to implement these tools has, up to this point, been rather steep, making
it difficult for students or even experienced cybersecurity researchers to apply their
skills to automotive networks. The purpose of this paper is to present a clear, step-
by-step process for creating a car-hacking research workstation. Using open-source
software and a $70 cable, we can demonstrate a common vulnerability across newer
IoT devices, the replay attack, as an easy-to-understand first attack on automobile
networked systems.
This paper details the implementation of a hands-on car-hacking module
developed by the author into an ethical-hacking computer security course,
including the setup of open-source car-hacking tools, a demonstration of a replay
attack on a simulated controller area network (CAN), and the low-cost tools
necessary to test for similar vulnerabilities in modern automobiles. All the software
can be installed on a laptop or Raspberry Pi, or on a Linux virtual machine, like the
ones typically used in an ethical hacking course featuring Kali Linux and
Metasploit tools. And the only physical equipment needed to connect the software
to a modern car, a USB to OBD-II cable or wireless connector, can be acquired
easily online for under $100USD.
BACKGROUND
Automobiles have become increasingly more technologically sophisticated, but
the underlying communication system, the controller area network, or CAN bus,
has remained either largely unchanged or backwards compatible with the 1991
standard (Bosch, 1991). Including firmware, operating systems, and application
software, a “typical” new car may include 100 million lines of code (Newcomb,
2012). The 2016 Ford F150 pickup truck was unveiled not at a car show, but at the
Consumer Electronics Show, touting 150 million lines of code (Saracco, 2016), and
that was years ago.
In addition to autonomous software and hardware advances like self-driving and
driver-assist technologies, newer automobiles may include Bluetooth and standard
Wi-Fi networking capabilities, and many even include a persistent wireless
connection over 4G LTE. Some automobiles, including new Teslas, can even
update their own software and firmware over 4G LTE (Alvarez, 2018). These
network connections significantly expand the threat surface, bringing new vectors
of attack to ever more complex automotive systems.
Koscher et al. (2010) noted that an attacker who is able to access almost any of
the dozens of ECUs (electronic control units), the microprocessor chips responsible
for sensing and control, in modern automobiles could “completely circumvent a
broad array of safety-critical systems” (Koscher et al, 2010, p. 447).
At the same time the attack surfaces of network connectivity and system
complexity have grown exponentially, the resources needed to attack an automobile
have shrunk almost to zero. Using only free, open-source software and either a
Raspberry Pi, an Android phone, or a free Kali Linux virtual machine running on
an existing laptop, hackers can test for vulnerabilities and potentially attack a car
via Bluetooth and Wi-Fi. For under $20, a wired or wireless OBD-II connector can
be attached to the on-board diagnostic port (OBD-II) of a target vehicle for direct
access to the internal workings of the automobile across any of those devices.
Car hacking itself is surprisingly similar to hacking other networked devices.
We can use a network sniffer to view packets as they move across the controller
area network, or CAN bus, in an automobile. Let us first cover a brief introduction
to the modern CAN bus, then provide some history on significant moments in car
hacking, followed by an introduction to the open-source car hacking tools we’ll be
using from OpenGarages.org.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 2
Payne: Car Hacking
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 4
Payne: Car Hacking
IMPLEMENTATION
At the onset of this lesson or module in a classroom environment, it is an
opportune time to discuss ethical considerations in car hacking, and in the greater
Internet of Things (IoT) as a whole. As we become more reliant on connected
technologies in our daily lives, the role that security plays becomes even more
important. As self-driving cars and driver-assist technologies continue to expand
and improve, discussing ethical and security concerns, especially with respect to
human safety, provides an additional opportunity for discussion in a cybersecurity
course. Should car owners be able to test the security of their own vehicles? What
are ethical limits for security researchers? Do car manufacturers have greater
responsibility than other IoT device manufacturers in assuring the security of
systems and networks in their products? Such questions can help frame the
importance and relevance of car hacking in the context of a cyber course.
Faculty and students familiar with Linux, especially Kali Linux for ethical
hacking and penetration testing, will find both the setup and the use of the tools
themselves relatively intuitive. Those with less experience, especially with less
command-line Linux expertise, can still install and run the tools in a virtual machine
similar to the ones used in most hands-on courses in ethical hacking.
In our ethical hacking course, we were already using virtual machines for Kali
Linux, so we implemented the OpenGarages.org car hacking tools on Kali, a
Debian-based Linux distribution favored by many ethical hackers, red teams, and
offensive security practitioners. Our implementation used Kali Linux running in a
virtual machine under Oracle’s freely available VirtualBox platform.
VirtualBox runs on Windows, Linux, and Mac computers and can host dozens
of different operating systems in individual virtual machines, and even though its
technology was acquired by Oracle, Inc., VirtualBox remains free and open-source
under the GNU General Public License version 2.
Installation
This installation will assume the user has either a workstation running Kali
Linux or a virtual machine running Kali Linux in a platform like VMware or
VirtualBox. For the car hacking modules, we will use open-source tools from
OpenGarages.org developed by Craig Smith.
Installing Dependencies
The first step in setting up the OpenGarages.org car hacking software is
installing prerequisite software known as dependencies. First, update Kali Linux by
typing the update command into a new Terminal (command-line) window:
Then, install the LibSDL (SDL stands for Simple DirectMedia Layer, a cross-
platform development library for computer graphics and audio) development
libraries. LibSDL is used by the Instrument Cluster Simulator software from
OpenGarages to draw and animate the virtual dashboard (or instrument cluster), as
well as to access various game controllers, like the PlayStation PS3 controller
natively supported by the software to drive the virtual car in the ICsim control
application.
Install both the libsdl2-dev and libsdl2-image-dev libraries with the command:
After the LibSDL libraries are installed, add the CAN utilities. CAN is short for
controller area network, the primary network in modern automobiles. The CAN
utilities are included in some Linux distributions, but not in Kali as of this writing.
The CAN utilities can be installed using the command:
Once the LibSDL and CAN utilities software dependencies are in place, as
shown in Figure 1, we can proceed to download and install the ICSim car hacking
tools.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 6
Payne: Car Hacking
cd ~
That’s cd (short for change directory) followed by a tilde (~) symbol, to signify
the user’s home directory. On Kali Linux, this is usually the directory /root/,
corresponding to the root user.
Download and expand the ICSim project files using git with the command:
Git will download the project files for ICSim into a folder labeled ICSim in your
home directory. Change into the ICSim folder and list the contents:
cd ICSim/
ls
You should see several files, including two executable files labeled controls and
icsim, inside the ICSim folder, as shown in Figure 2.
Figure 2: After cloning ICSim.git, you’ll be able to cd into the ICSim folder to
reveal the Instrument Cluster Simulator files.
more setup_vcan.sh
The modprobe command is used to load kernel modules, like the CAN and
vCAN network modules from the CAN utilities library, and the first two lines of
the script will load these two modules to be able to communicate using CAN
protocols on a virtual controller area network (vCAN) for our car-hacking
simulator. The final two lines will create a new network device called vcan0 of type
vCAN and turn the link on.
Either type and run those four lines above, or run the shell script by typing:
sh setup_vcan.sh
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 8
Payne: Car Hacking
You can verify that the vcan0 network link is active by typing ifconfig. In
addition to your regular network interfaces, you should now see vcan0 listed. With
the vcan0 network link active, we can run the Instrument Cluster Simulator and the
Control Panel to simulate a live controller area network and instrument cluster in a
modern automobile.
~/ICSim/icsim vcan0
That’s vcan0, with a zero, denoting the virtual CAN network we created by
running setup_vcan.sh above. The dashboard instrument panel simulator will
appear as shown in Figure 3.
Nothing on the dashboard will light up, and the speedometer will remain fixed,
because there’s no traffic on the vcan0 network yet. We’ll address that by starting
the ICSim’s controls. In a second terminal window, open the controls app:
~/ICSim/controls vcan0
The CANBus Control Panel application will appear on the screen, with a GUI
mimicking the PlayStation 3’s PS3 controller (which, by the way, is supported by
the controls app). The keyboard controls are labeled on the controller GUI:
acceleration is controlled with the Up arrow key, turn signals with the Left and
Right arrow keys, and so on.
Right-click (or control-click) on the title bar at the top of the window, and select
Always on Top to keep the control panel app visible, as shown in Figure 4.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 10
Payne: Car Hacking
cansniffer -c vcan0
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 12
Payne: Car Hacking
cd ~/ICSim
sh setup_vcan.sh
./icsim vcan0 &
./controls vcan0 &
Note that by adding the ampersand (&) to the end of the last two commands, you
can run both the IC Simulator and CANBus Control Panel from the same terminal
window. The ampersand places each command in the “background”, allowing the
user to continue working in the command line shell while a process executes.
In a separate terminal window, run the candump tool to log all the traffic on
vcan0 to a file:
candump -l vcan0
Note the -l is dash-lowercase-L (not dash-one). The candump -l flag stands for
log, or capture the CAN traffic and save it to a file. We still use the vcan0 network
interface, because that’s the interface where our dashboard and controller are
simulating CAN traffic.
Immediately after starting candump, click back on the CANBus Control Panel
window and begin pressing keys to accelerate, activate the turn signals, and lock
and unlock doors. After a few seconds of “driving”, click back on the candump
terminal window and press Ctrl-C (control-C) to stop the packet capture.
List the contents of the current directory with the ls command, and you’ll see
a new file in the format candump-YYYY-MM-DD_time.log, such as:
candump-2019-02-23_083845.log
This log file contains all the packets we just captured. Now it’s time to close the
controller window and try the replay attack against our virtual CAN bus.
canplayer -I candump-2019-02-23_083845.log
The -I flag tells canplayer to use the supplied log file as input. Note that you can
start typing the log filename and just press the tab key (type c-a-n and press the Tab
key to auto-complete the log file name) instead of typing the long sequence of
digits. Also notice that you don’t have to specify which interface to use, vcan0, like
you did with all the previous CAN utilities. This is because canplayer will replay
the packets on the same interface they were captured on.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 14
Payne: Car Hacking
After pressing the enter key, you should see the speedometer and other
dashboard components do the same thing they did when you captured the packets,
as shown in Figure 6. Notice we were able to get both the left and right turn signals
on at the same time, and unlock all the doors, while the car was going at over 90
miles per hour!
Figure 6: We can replay the packets we captured earlier using canplayer, and
control the virtual dashboard without using the CANBus Control Panel.
You’re able to see the same indicators, even though the car is turned “off”—
there are no controls active, but you’re changing the dashboard as if the car is
actively running.
In fact, if you run canplayer with the CANBus Control Panel still active, the
speedometer will jump between its “real” value, determined by the controller app,
and the value the canplayer app is replaying onto the virtual CAN bus.
candump -l vcan0
Do not interact with the controller, just capture about a second’s worth of packets
with no turn signals running. (Note: If you’re trying to reverse engineer a CAN
control that toggles, like door locks, you may need to capture a baseline in which
you re-lock the doors, or perform an opposite action to whatever action you’re
trying to replay.) Stop the packet capture by pressing Ctrl-C. Rename the resulting
candump log file something memorable like baseline.
mv candump-2019-03-02_102411.log baseline
With the baseline, or lights out, file captured, it’s time to capture the right turn
signal, and reverse engineer the CAN ID responsible for showing the turn signals.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 16
Payne: Car Hacking
Next, capture a candump of the right turn signal for a second or two. To do this,
start candump in the Terminal window, switch immediately to the CANBus Control
Panel and press the right arrow on your keyboard. After about a second, switch
back to the Terminal window and stop the candump by pressing Ctrl-C.
The process we’ll use to reverse engineer the individual CAN ID of the turn
signal is to split the candump file in half recursively until we have a single CAN
packet or message that will light the right turn signal.
First, determine the number of lines (the candump format is plain text, one line
per CAN message) in the most recent capture:
wc -l candump-2019-03-07_102721.log
9761 candump-2019-03-07_102721.log
The Linux word count command wc -l (dash l as in lines) will count the
number of lines in a file. Above, the command reports that there are 9,761 lines in
the couple of seconds of candump logs we captured.
Replay the log file to make sure it does, indeed, show the right turn signal:
canplayer -I candump-2019-03-07_102721.log
If the turn signal does not light up, go back and capture the turn signal again.
Once the signal lights up, close the CANBus Control Panel so that it will not
interfere in the reverse engineering steps to follow.
Recursively apply the following steps:
1. Split the previous log file into two approximately equal halves:
The Linux split -l (again, dash l as in lines) command will split the
file into multiple files containing the specified number of lines (we began
with almost 10,000 lines, so we used 5,000 as the first split value). The
x1 (x one) at the end of the command specifies the prefix for the resulting
files; the two files produced above will be named x1aa and x1ab.
2. Play each half until the turn signal lights up on the dashboard:
canplayer -I x1aa
canplayer -I x1ab
If the first command lights the right turn signal, there is no need to run
the second command. If not, run the second command. Because the
original complete file turned on the signal, at least one of these two
halves should also turn on the signal. If both work, we’ll arbitrarily pick
the first file each time for further analysis.
Note: The turn signal is a simple on/off value, so it is easy to spot. If the
CAN system you’re trying to reverse engineer is more subtle or
continuous, like acceleration, braking, or turning up the stereo volume
or A/C temperature, you may want to wrap the canplayer command in a
for loop to be able to spot shorter or incremental effects:
for i in {1..10}; do canplayer -I x1aa ; done
3. Reset the dashboard by playing the baseline to clear the turn signal:
canplayer -I baseline
The turn signal should return to the off state. This is necessary because
our dashboard will continue to show the turn signal as on, or lit up, until
an off state is received.
4. Go back to Step 1, splitting the number of lines in the “good” packet
capture (either x1aa or x1ab above, whichever lights the signal) roughly
in half (2500, 1250, 640, 320, 160, 80, 40, 20, 10, 5, 3, 2, 1), and
incrementing the prefix (x2, x3, and so on) each time:
The two new resulting files will be named x2aa and x2ab. Repeat steps
2-4 until your “good” file consists of one line that turns on the right turn
signal.
Students familiar with the power of the binary search will recognize that this
process will take surprisingly few iterations. Even an initial packet capture of
1,000,000 lines (approximately 220) will require only 20 iterations to identify the
single CAN message responsible for turning on the signal. Here are the last few
rounds of one example:
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 18
Payne: Car Hacking
canplayer -I x13ab
canplayer -I baseline
split -l 1 x13ab x14
canplayer -I x14aa
canplayer -I x14ab
The x14ab file in this example is a single line long, and it turns on the right
signal. Let’s look at the contents:
more x14ab
The timing of the packet is at the start of the line, the CAN network vcan0 is
next, then the CAN ID of the turn signal, 188, followed by the hash symbol # and
the data responsible for turning on the right turn signal: 02000000.
We have successfully reverse engineered the CAN ID of the turn signal! We can
verify this by resetting the dashboard with the baseline, then running the cansend
command with the correct CAN ID and data, as follows:
canplayer -I baseline
cansend vcan0 188#02000000
The turn signal is on! Now that we have the CAN ID of the turn signals, it’s time
to perform the last step, and take full control of the turn signal system.
Enumerating CAN Data Values and Gaining Full Control of a CAN System
Once we have the CAN ID of the turn signals, it’s time to modify the data values
in the message to discover both the left and right turn signal values, turn off the
signal, and turn on both signals at the same time.
First, we know that we can light up the right turn signal with the CAN message
188#02000000. Visually inspecting the data value, 02000000, a logical next value
to try might be 01000000. With the IC Simulator still running, type:
The left turn signal lights up! Next, let’s try all zero values for the data :
Both turn signals go dark with the zero data values. This means that if we can
inject 188#00000000 signals repeatedly on the CAN bus (e.g. with a for loop, as
noted in the previous section), we can effectively suppress or silence the turn signal.
This is not likely to be catastrophic alone, but it could induce stress on a driver as
well as other vehicles behind him or her.
Last, but not least, let’s go for the pièce de résistance: Can we turn on both the
left and right turn signals at the same time? A little familiarity with binary
arithmetic helps here:
The data value 03000000 on CAN ID 188 lights both the left and turn signals at
the same time! We have achieved the effect of emergency lights or a simulated pair
of brake lights, potentially enough to disrupt a driver or several drivers in traffic.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 20
Payne: Car Hacking
While the examples above are simulated safely in a lab environment, the tools
needed to connect a researcher’s Kali laptop to a physical automobile are
inexpensive and widely available.
Figure 8: You can purchase a USB to OBD-II adapter cable to connect your
computer to almost any post-1996 automobile’s on-board-diagnostic (OBD) port,
for just around $20-30USD online.
The OBDLink SX is an inexpensive and widely available piece of hardware for
home mechanics and car hackers alike. In this section, we’ll detail how to connect
such an OBD to USB cable to the Kali VM used in previous sections.
To connect to the OBDLink cable shown for the first time, it’s helpful to install
the ScanTool software from ScanTool.net (Hobbs, 2015), available as an apt-get
package:
scantool
You can plug the OBD-II cable into your laptop or computer using the USB
adapter end, plug the OBD-II connector into your car’s OBD port under the steering
wheel on the driver’s side near the floorboard, and turn on the automobile’s
ignition. If you’re using a virtual machine, you’ll need to connect the USB device
to your VM in VirtualBox by selecting Devices > USB > ScanTool OBDLink (or
similar), as shown in Figure 9.
Figure 9: You can connect a physical OBD-II to USB cable to your virtual
machine in VirtualBox by going to the virtual machine’s menu and selecting
Devices > USB > ScanTool OBDLink (or the name of your OBD-to-USB cable).
The ScanTool software will connect to automobile’s CAN network to perform
tasks like reading diagnostic codes (and resetting them, like your mechanic does
when he changes your oil, etc.), reading sensor data (with room for over eight pages
of sensors to accommodate most modern vehicles), and more. The Linux version
of the ScanTool GUI is shown in Figure 10.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 22
Payne: Car Hacking
Figure 10: The free ScanTool software that works with several types of OBD-II
to USB cables has an easy-to-use GUI interface, as well as all the drivers you need
to be able to read data from the CAN bus of most modern vehicles.
With a slightly more capable CAN-to-USB converter, like CANable, CANtact,
or Korlan USB2CAN, all available for under $75USD, you should be able to read
raw CAN packets and attempt some of the same replay attacks mentioned above
(capturing the left turn signal for a few seconds, turning off the turn signal, then
reinjecting the packets using canplayer to see if the dashboard indicator blinks—or
if the actual turn signal lights on the outside of the car flash). Remember, though,
that the effects of packet injection can cause unpredictable behavior, and should
only be attempted in a safe environment on a vehicle you can afford to take to a
real mechanic.
In the near term, we plan to expand the car hacking module to include more
hands-on testing with faculty (and student) automobiles of various makes and
models, as well as encourage the students to make further modifications to the
software to customize it to suit additional test cases. In the long term, we hope to
acquire an electric vehicle with LTE cellular connectivity (like the Nissan Leaf,
Chevy Bolt, or Tesla Model 3) to extend this research to include wireless and
remote vulnerability testing with no direct connection to the OBD-II port necessary.
We also hope to survey students formally to gather relevant data for determining
whether car hacking had a significant impact on student outcomes in ethical
hacking and related courses as future research.
REFERENCES
Alvarez, S. (2018). Tesla to offer ‘premium connectivity’ internet package starting July 1.
Teslarati.com. June 23, 2018. https://www.teslarati.com/tesla-premium-connectivity-internet-
package-july-1/
Banerjee, S. S., Jha, S., Cyriac, J., Kalbarczyk, Z. T., & Iyer, R. K. (2018, June). Hands Off the
Wheel in Autonomous Vehicles?: A Systems Perspective on over a Million Miles of Field Data.
In 2018 48th Annual IEEE/IFIP International Conference on Dependable Systems and
Networks (DSN)(pp. 586-597). IEEE.
Benchoff, B. (2016). The terrible security of Bluetooth locks. Hackaday. August 8, 2016.
https://hackaday.com/2016/08/08/the-terrible-security-of-bluetooth-locks/
Bosch GmbH. (1991). CAN specification version 2.0. Retrieved June 3, 2018 from
http://esd.cs.ucr.edu/webres/can20.pdf
Checkoway, S., McCoy, D., Kantor, B., Anderson, D., Shacham, H., Savage, S., ... & Kohno, T.
(2011, August). Comprehensive experimental analyses of automotive attack surfaces. USENIX
Security Symposium (pp. 77-92). http://www.autosec.org/pubs/cars-usenixsec2011.pdf
Cook, J.A. & Freudenberg, J.S. (2008). Controller Area Network (CAN). Retrieved September 5,
2018 from https://www.eecs.umich.edu/courses/eecs461/doc/CAN_notes.pdf
CSS Electronics (2018). CAN Bus Explained – A Simple Intro. Retrieved July 10, 2018 from
https://www.csselectronics.com/screen/page/simple-intro-to-can-bus/language/en
Dixit, V. V., Chand, S., & Nair, D. J. (2016). Autonomous vehicles: disengagements, accidents and
reaction times. PLoS one, 11(12), e0168054.
Hobbs, S. (2015). Scantool – OBD-II Car Diagnostic Software for Linux. Retrieved July 25, 2018
from https://samhobbs.co.uk/2015/04/scantool-obdii-car-diagnostic-software-linux
Jafarnejad, S., Codeca, L., Bronzi, W., Frank, R., & Engel, T. (2015, December). A car hacking
experiment: When connectivity meets vulnerability. In 2015 IEEE Globecom Workshops (GC
Wkshps) (pp. 1-6). IEEE.
Koscher, K., Czeskis, A., Roesner, F., Patel, S., Kohno, T., Checkoway, S., ... & Savage, S. (2010,
May). Experimental security analysis of a modern automobile. In 2010 IEEE Symposium on
Security and Privacy (pp. 447-462). IEEE.
https://digitalcommons.kennesaw.edu/jcerp/vol2019/iss1/5
DOI: 10.62915/2472-2707.1045 24
Payne: Car Hacking
Kovacs, E. (2017). PLCs from several vendors vulnerable to replay attacks. SecurityWeek, April 6,
2016. https://www.securityweek.com/plcs-several-vendors-vulnerable-replay-attacks
Miller, C. & Valasek, C. (2018). Securing Self-Driving Cars. Presentation at Black Hat USA 2018.
Retrieved August 9, 2018 from http://illmatics.com/securing_self_driving_cars.pdf
Newcomb, D. (2012). The next big OS war is in your dashboard. Wired. December 2012.
https://www.wired.com/2012/12/automotive-os-war/
OpenGarages.org. (2017). ICSim: Instrument Cluster Simulator for SocketCAN. Retrieved May 15,
2018 from https://github.com/zombieCraig/ICSim
Payne, B. R., & Abegaz, T. T. (2018). Securing the Internet of Things: Best Practices for Deploying
IoT Devices. Computer and Network Security Essentials, 493-506.
Payne, B. (2018). Real-World Ethical Hacking: Hands-on Cybersecurity. Udemy.com.
https://www.udemy.com/real-world-ethical-hacking/
Ring, T. (2015). Connected cars – the next target for hackers. Network Security, 2015(11), 11-16.
Saracco, R. (2016). Guess what requires 150 million lines of code… EIT Digital. January 13, 2016.
https://www.eitdigital.eu/news-events/blog/article/guess-what-requires-150-million-lines-of-
code/
Schmandt, J., Sherman, A. T., & Banerjee, N. (2017). Mini-MAC: Raising the bar for vehicular
security with a lightweight message authentication protocol. Vehicular Communications, 9,
188-196.
Smith, C. (2016). The Car Hacker’s Handbook. San Francisco:No Starch Press.
Vector (2016). Automotive Ethernet. Retrieved July 18, 2018 from
https://elearning.vector.com/index.php?&seite=vl_automotive_ethernet_introduction_ko
Wolf, M., Weimerskirch, A., & Paar, C. (2004, November). Security in automotive bus systems.
In Workshop on Embedded Security in Cars. IEEE.