Who to Follow

  •  Chris Valasek: Security Lead at UberATC
  •  Charlie Miller: Hacked the first Apple iPhone, now does car security.
  •  Samy Kamkar: Created MySpace Worm, RollJam, OwnStar.
  •  Justin Seitz: Author of Black Hat Python (No Starch Press).
  •  Troy Hunt: Pluralsight author. Microsoft Regional Director and MVP for Developer Security. Creator of haveibeenpwned.
  • Ken Munro: British researcher, works at Pen Test Partners; major interest in vehicle security
  • OpenGarages: Initiative to created Vehicle Research Labs around the world.
  • Hackaday: Collaborative project hosting for hackers – there are frequently car projects on here.
  • Pen Test Partners: British penetration testing firm; several posts concern their disclosed car security vulns

Podcasts and Episodes

Podcasts and podcast episodes, that either directly focus on vehicle security or have some episodes on it.


  •  Security Weekly – Excellent podcast covering all ranges of security, with some episodes focusing portions on vehicle security from cars to drones.
  • TrustedSec Podcast – From the people at TrustedSec, leaders in Social Engineering, their episodes often go into recent vehicle vulnerabilities and exploits.
  • SANS Internet Storm Center – the ISC run a regular podcast going into the latest vulnerabilities and security news.
  • Security Ledger – A podcast focusing on interviewing security experts about topics related to security.



Overview of hardware, both open source and proprietary, that you can use when conducting vehicle security research. This article goes through many of the options below.

  •  Arduino – Arduino boards have a number of shields you can attach to connect to CAN-enabled devices.
  • CANtact – “The Open Source Car Tool” designed to help you hack your car. You can buy one or make your own following the guide here.
  • Freematics OBD-II Telematics Kit – Arduino-based OBD-II Bluetooth adapter kit has both an OBD-II device and a data logger, and it comes with GPS, an accelerometer and gyro, and temperature sensors.
  •  ELM327 – The de facto chipset that’s very cheap and can be used to connect to CAN devices.
  • GoodThopter12 – Crafted by a well-known hardware hacker, this board is a general board that can be used for exploration of automotive networks.
  • USB2CAN – Cheap USB to CAN connector that will register a device on linux that you can use to get data from a CAN network.
  • Intrepid Tools – Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • Red Pitaya – Replaces expensive measurement tools such as oscilloscopes, signal generators, and spectrum analyzers. Red Pitaya has LabView and Matlab interfaces, and you can write your own tools and applications for it. It even supports extensions for things like Arduino shields.
  • ChipWhisperer – A system for side-channel attacks, such as power analysis and clock glitching.
  • HackerSDR – A Software Defined Radio peripheral capable of transmission or reception of radio signals from 1 MHz to 6 GHz. Designed to enable test and development of modern and next generation radio technologies.
  • Carloop – Open source development kit that makes it easy to connect your car to the Internet. Lowest cost car hacking tool that is compatible with SocketCAN and can-utils. No OBD-II to serial cable required.
  • CANBadger – A tool for reverse-engineering and testing automotive systems. The CANBadger consists of both hardware and software. The main interface is a LPC1768/LPC1769 processor mounted on a custom PCB, which offers two CAN interfaces, SD Card, a blinky LED, some GPIO pins, power supply for peripherals and the ethernet port.
  • CANSPY – A platform giving security auditors to audit CAN devices. It can be used to block, forward or modify CAN frames on the fly autonomously as well as interactively.
  • CANBus Triple – General purpose Controller Area Network swiss army knife and development platform.
  • USBtin – USBtin is a simple USB to CAN interface. It can monitor CAN busses and transmit CAN messages. USBtin implements the USB CDC class and creates a virtual comport on the host computer.
  •  OpenXC – OpenXC is a combination of open source hardware and software that lets you extend your vehicle with custom applications and pluggable modules. It uses standard, well-known tools to open up a wealth of data from the vehicle to developers. Started by researchers at Ford, it works for all 2002 and newer MY vehicles (standard OBD-II interface). Researchers at Ford Motor Company joined up to create a standard way of creating aftermarket software and hardware for vehicles.


Overview of software, both open source and proprietary, as well as libraries from various programming languages. This articlegoes through many of the options below.


Software applications that will help you hack your car, investigate it’s signals, and general tinkering with it.

  •  Wireshark – WireShark can be used for reversing CAN communications.
  • Kayak – Java application for CAN bus diagnosis and monitoring.
  • UDSim – GUI tool that can monitor a CAN bus and automatically learn the devices attached to it by watching communications.
  • RomRaider – An open source tuning suite for the Subaru engine control unit that lets you view and log data and tune the ECU.
  •  Intrepid Tools – Expensive, but extremely versatile tools specifically designed for reversing CAN and other vehicle communication protocols.
  • O2OO – Works with the ELM327 to record data to a SQLite database for graphing purposes. It also supports reading GPS data. You can connect this to your car and have it map out using Google Maps KML data where you drive.
  • CANToolz – CANToolz is a framework for analysing CAN networks and devices. It is based on several modules which can be assembled in a pipeline.
  • BUSMASTER -An Open Source tool to simulate, analyze and test data bus systems such as CAN, LIN, FlexRay.
  •  OpenXC – Currently, OpenXC works with Python and Android, with libraries provided to get started.

Libraries and Tools

Libraries and tools that don’t fall under the larger class of applications above.


  • SocketCAN Utils – Userspace utilites for SocketCAN on Linux.
  • vircar – a Virtual car userspace that sends CAN messages based on SocketCAN


  •  CANard – A Python framework for Controller Area Network applications.
  • Caring Caribou – Intended to be the nmap of vehicle security.
  • c0f – A fingerprinting tool for CAN communications that can be used to find a specific signal on a CAN network when testing interactions with a vehicle.
  • Python-CAN – Python interface to various CAN implementations, including SocketCAN. Allows you to use Python 2.7.x or 3.3.x+ to communicate over CAN networks.


  • CANNiBUS – A Go server that allows a room full of researchers to simultaneously work on the same vehicle, whether for instructional purposes or team reversing sessions.
  • CAN Simulator – A Go based CAN simulator for the Raspberry Pi to be used with PiCAN2 or the open source CAN Simulator board


Companies and Jobs

Companies and job opportunities in the vehicle security field.

  • UberATC – Uber Advanced Technologies Center –
  • Tesla – Tesla hires security professionals for a variety of roles, particularly securing their vehicles.
  • Intrepid Control Systems – Embedded security company building tools for reversing vehicles.
  • Rapid7 – Rapid7 does work in information, computer, and embedded security.
  • IOActive – Security consulting firm that does work on pentesting hardware and embedded systems.
Bad Authentication data.