Car hacking
By Drew Fustini. Posted
This article was originally published as part of HackSpace magazine, which has since been incorporated into Raspberry Pi Official Magazine.
Hacking a car in the movies looks easy: you poke around a bit with a screwdriver, you twist together some bare wires, and you’re good to go. Happily, the security systems on modern cars are a bit more sophisticated than that, but with the right skills and tools, hackers can exploit all sorts of weaknesses to gain unauthorised access to a car: on-board computers, key fobs, Bluetooth connections, and even the pressure sensors on your tyres.
These weaknesses can be extremely dangerous, and car manufacturers can get very sloppy with their security. In just one example, a car hacker known as L&M realised that two GPS car tracking apps had given all customers the same default password (123456) on sign up, allowing anyone to gain access to thousands of accounts. As well as the flaws providing access to personal and financial details, L&M exposed an incredibly dangerous vulnerability: the ability to remotely stop the engine of some of the vehicles using these apps.
Finding and reporting vulnerabilities like this is central to the car hacking community. There has been a lively, Car Hacking Village at DEF CON since 2015, where car hackers educate security researchers about modern-day vehicle systems, experiment with technology, and play with all sorts of motorised vehicles, from upgrading mobility scooters to making a car escape room where you have to hack your way out of a locked SUV.
The best way to get started with car hacking is to get yourself a copy of The Car Hacker’s Handbook by Craig Smith of @OpenGarages and a car hacking board such as the CANtact, the M2 by Macchina, or the Carloop. These devices plug into the OBD-II diagnostics port, standard in all vehicles made in the last 25 years, and communicate over the CAN bus with the ECU (Engine Control Unit) and other sensors and actuators throughout the vehicle. Open-source programs exist to both interpret the messages on the CAN bus, like tachometer data, and send messages to control dashboard readouts and much more.
There are also lots of car hackers on Twitter that I follow to keep up with the latest news, including Robert Leale (@carfucar) and Kirsten Sireci Renner (@Krenner), who co-founded the DEF CON Car Hacking Village, and Ian Tabor (@mintynet), who runs the UK Car Hacking Village
Drew Fustini is a hardware designer and embedded Linux developer. He is the Vice President of the Open Source Hardware Association, and a board member of the BeagleBoard.org Foundation.
Subscribe to Raspberry Pi Official Magazine
Save up to 37% off the cover price and get a FREE Raspberry Pi Pico 2 W with a subscription to Raspberry Pi Official Magazine.
More articles
Make your RAM go further – Raspberry Pi OS memory optimisation tips
In issue 164 of Raspberry Pi Official Magazine we have been playing around with the new Raspberry Pi 5 1GB RAM. While the RAM shortage caused by the demands of AI infrastructure is annoying beyond belief, this has been a great chance for us to really get to grips with RAM. Generating images in Stable […]
Read more →
Mighty Projects – 1GB Computer in Raspberry Pi Official Magazine 164
It’s normal for computers to get faster and more pwerful, but the new-ish Raspberry Pi 5 1GB is a step in the other direction: it has all the processing power and the same GPIO pins of its more costly siblings, but with only 1GB of RAM it’s at a price that’s friendlier on the wallet […]
Read more →
Win one of five 256GB Raspberry Pi Flash Drives
If you’ve been around long enough, you know that every Raspberry Pi accessory is top quality, and the latest Flash Drive is no different. Fancy a big one? We have five up for grabs, and you can enter below… Win 1 of 5 256GB Raspberry Pi Flash Drives
Read more →