Book review - The Car Hacker's Handbook

Post by ijames »

This is taken from the comp.risks mailing list, available at www.risks.org, digest 29.38:


Date: Tue, 22 Mar 2016 10:43:17 -0600
From: "Cipher Editor" <cipher-editor@ieee-security.org>
Subject: Craig Smith, The Car Hacker's Handbook: A Guide for the Penetration
Tester (reviewed by Richard Austin)

Electronic CIPHER, Issue 131, March 22, 2016
Newsletter of the IEEE Computer Society's TC on Security and Privacy
http://www.ieee-security.org/cipher.html

Book Review By Richard Austin
3/17/2016

Craig Smith
The Car Hacker's Handbook: A Guide for the Penetration Tester
No Starch Press, 2016
ISBN 978-1-59327-703

A penetration test on your car? Have we really gotten to the point where
even our cars have networks, multiple computers, panoplies of sensors and,
of course, software to make them all work together? Smith assures us that
we have and then proceeds to walk us through a solid introduction to this
bizarre world and how things in it can be made to misbehave.

Smith opens the book with a welcome chapter on threat models which orients
the reader for the material that follows and how it might be applied by
security professionals. Far too many books of this type open with a frantic
rush to get to the tools and leave the reader to contextualize and position
the material as best they can with the usual result of a vague impression of
a long list of tools and commands that all do something but really no idea
of how they might fit together into a whole.

The next three chapters introduce the important protocols, how communication
within the vehicle is done, and an introduction to the diagnostic and
logging data maintained by the vehicle (if you've ever had a "Check Engine"
light illuminate, you've seen the "user mode" interface to this data).

Chapter 5, "Reverse Engineering the CAN Bus", reflects the important point
that these are proprietary systems and manufacturers have little incentive
to disclose their details. This leaves the security professional with the
task of capturing traffic, decoding it to form theories about what is
actually going on and then applying the theory to verify that it is somewhere
close to correct. Smith demonstrates use of the tools with screenshots and
sample commands to get you started. He thoughtfully provides a
troubleshooting guide for when you accidentally put the vehicle into a state
where it no longer works correctly.

The next chapter, "ECU Hacking", describes how to interact with a vehicle's
ECUs (Electronic Control Units) in three ways: front door attacks using the
manufacturer's access mechanisms; backdoor attacks using the more or less
traditional hardware analysis techniques (dumping and disassembling
firmware, etc.); and exploits where you discover unintentional access
methods.

Chapter 7, "Building and Using ECU Test Benches", describes how to "run" an
ECU outside the vehicle so you can interact with it in isolation from the
rest of the vehicle. Smith also covers the important topic of how to
simulate the sensor signals the ECU is expecting to process. Working with
the ECU outside the vehicle reduces the noise introduced by other units and
also reduces the consequences of an "Oops!".

The next chapter, "Attacking ECUs and Other Embedded Systems", gets to the
meat of the matter in interacting with these devices. This is an excellent
chapter that introduces a plethora of tools and hardware accessories in a
single place without having to scour multiple websites and online forums.
Some of the techniques (e.g., JTAG) will be familiar if you've done hardware
debugging but Smith's additional discussion of how these tools can be used
to change the desired operation of embedded systems in ways an adversary
might desire is both eye opening and invaluable.

Chapter 9, "In-Vehicle Infotainment Systems", extends the discussion to that
nice touchscreen found in many vehicles that is the interface to multiple
applications such as navigation and climate control.

The next chapter, "Vehicle-to-Vehicle Communication", provides an
introduction to one of the more frightening possibilities in vehicle
systems: cross-communication. Though it might be useful for a truck loaded
with dynamite to notify vehicles in its vicinity that it's transporting
hazardous material, the potential mischief of false notifications or
suppressed notifications is obvious. This is a developing technology and
could well use input from the security profession.

Chapter 11, "Weaponizing CAN Findings", describes how to "take an exploit
and make it easy to use" (p. 193). Smith lucidly demonstrates how to take
an exploit (found during
your research using the techniques described in the earlier chapters) and
package it as a Metasploit payload (it doesn't get much easier to use than
this).

The next chapter, "Attacking Wireless Systems with SDR", describes how to
use inexpensive Software Defined Radio (SDR) equipment to interact with
vehicle systems using wireless technology. While wide coverage radio
transceivers may cost several thousands of dollars, a SDR costs typically
less than $500 (SDR receivers can be found as cheaply as $30). The systems
used as examples are the TPMS (Tire Pressure Monitoring System) and key fobs
(more interesting because they use cryptography). Smith begins with a
discussion of modulation, how information is imposed onto a radio signal,
and moves on to receiving the signals and interpreting them. Once you know
the frequency, modulation and the format of the information itself, you are
in a position to generate your own signals to trigger the desired action.

Chapter 13, "Performance Tuning", describes a well-developed application
for modifying the operating parameters of vehicle systems to improve
performance. This is a masterful demonstration that these are not abstract
possibilities but, at least in their more benign applications, already
well-developed.

Our world is rapidly being filled with things that are computers and
communication networks but don't look like them. And, like any other
complex system, they expose vulnerabilities that can be exploited by a
malicious adversary. The consequences of suddenly killing the engines of
several vehicles surrounding a truck carrying hazardous materials on a busy
interstate highway are horrifying to contemplate.

Smith has done a marvelous job of providing a practical introduction to the
world of vehicle systems and the tools used to interact with them for both
benign and malicious purposes. The challenge for the security profession is
to engage with the engineers designing these systems to build understanding
of the security implications of design and implementation decisions. With
Smith's introduction under our belt, we will be much better prepared to
speak their language. Definitely a recommended read.
Carl Ijames, chemist not engine builder
carl ddott ijames aatt verizon ddott net

Re: Book review - The Car Hacker's Handbook

Post by In-Tech »

Ordered :)
Heat is energy, energy is horsepower...but you gotta control the heat.
-Carl

Re: Book review - The Car Hacker's Handbook

Post by ijames »

I hoped you would see the description of Chapter 13. You might find the risks list interesting, also.
Carl Ijames, chemist not engine builder
carl ddott ijames aatt verizon ddott net

Re: Book review - The Car Hacker's Handbook

Post by In-Tech »

Yes, Chapter 13 since we are always trying to learn/expand our tuning techniques.

I am quite curious to read Chapter 5 as I have very limited experience with CAN and would like to start that journey.

Thanks for the tip on the handbook. It seems I heard about it before but never pursued it. I hope it doesn't turn out like when I got my applied cryptography book and got so out of touch with life that I could barely converse with anyone. #-o When you're solving huge math in your sleep and start sleep walking, talking (phone) and driving, you have truly lost your mind and are in another dimension [-X I've never done more than alcohol and a little pot in my life so I assume that's what heavy drugs are like. :lol:
Heat is energy, energy is horsepower...but you gotta control the heat.
-Carl