From 087b43196b58ea04c600169c428106d1219accf7 Mon Sep 17 00:00:00 2001 From: `Mr-IoT` Date: Fri, 4 Jul 2025 23:30:05 +0530 Subject: [PATCH] Add files via upload --- docs/Automotive-security.md | 132 ++++++++++++++++++++++++++++++++++++ 1 file changed, 132 insertions(+) create mode 100644 docs/Automotive-security.md diff --git a/docs/Automotive-security.md b/docs/Automotive-security.md new file mode 100644 index 0000000..84fcaed --- /dev/null +++ b/docs/Automotive-security.md @@ -0,0 +1,132 @@ +## Automotive + +### AutomotiveSecurity +- [Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive-Security.md) + +--- + +[Automotive-Security](https://github.com/V33RU/IoTSecurity101/blob/master/Automotive/Automotive-security.md) comprises a vast amount of interlinkings to different cybersecurity areas like IoT Security. So, don't limit yourself. + +This page contains additional stuff specific to automotive security compared to IoTSecurity101. + +Note: Explore each link to dig more into your topic of interest. + +--- + +#### ApproachMethodology + +- ***1. In-Vehicle Network*** +- ***2. Hardware Hacking & Fault Injections & SCA Attacks*** +- ***3. Firmware Pentesting (OS and Firmware)*** +- ***4. Wireless Connectivity (RF, Zigbee, WiFi, Bluetooth, etc)*** +- ***5. Mobile App (Android & iOS)*** +- ***6. Cloud / Telemetry*** + +--- + +## Contents + +### AutomotiveSecurityInformation +- [Automotive Security Community](#AutomotiveSecurityCommunity) +- [Educational Content](#BooksChannelsRelatedToAutomotiveSecurity) +- [Exploitation Tools](#ExploitationTools) + +--- + +## InVehicleNetworkCommunicationProtocols +- [CAN](https://en.wikipedia.org/wiki/CAN_bus) +- [CAN-FD](https://en.wikipedia.org/wiki/CAN_FD) +- [LIN](https://en.wikipedia.org/wiki/Local_Interconnect_Network) + +--- + +### AutomotiveSecurityCommunity + +- [ASRG](https://asrg.io) +- [Auto-ISAC](https://automotiveisac.com/) + +--- + +### BooksChannelsRelatedToAutomotiveSecurity + +#### Books +- [Car Hacker's Handbook by Craig Smith](https://nostarch.com/carhacking) +- [Hacking Connected Cars: Tactics, Techniques, and Procedures](https://onlinelibrary.wiley.com/doi/book/10.1002/9781119491774) + +#### Channels +- [ASRG](https://www.youtube.com/@automotivesecurityresearch1613) +- [Car Hacking Village](https://www.youtube.com/@carhackingvillage) + +#### Blogs +- [CANisLabs](https://kentindell.github.io/) +- [CANBusHack](https://canbushack.com/blog/) + +--- + +### ExploitationTools + +#### Hardware + +- [Nano-CAN](https://github.com/mintynet/nano-can) +- [USBtin](http://www.fischl.de/usbtin/) +- [USB2CAN](http://www.8devices.com/products/usb2can/) +- [CANPico](https://canislabs.com/canpico/) +- [Intrepid Tools](http://store.intrepidcs.com/) +- [CANtact](http://linklayer.github.io/cantact/) +- [OBD-KILL](https://store.intrepidcs.com/product/chv-badge-30) +- [ELM327](https://www.elmelectronics.com/obdic.html) + +#### Software + +- [can-utils](https://github.com/linux-can/can-utils) +- [ICsim](https://github.com/zombieCraig/ICSim/) +- [UDSim](https://github.com/zombieCraig/UDSim/) +- [CANalyse 2.0](https://github.com/canalyse/CANalyse-2.0) +- [CANToolz](https://github.com/eik00d/CANToolz) +- [CANalyzat0r](https://github.com/schutzwerk/CANalyzat0r) + +#### Libraries + +- [python-can](https://pypi.org/project/python-can/) +- [Scap CAN Layer](https://dissec.to/kb/chapters/can/can-scapy.html) + +--- + +### Automotive Security Updates + +#### Research Papers & Attack Vectors + +- **UWBAD** - UWB-based keyless entry jamming using COTS hardware. ([arXiv](https://arxiv.org/abs/2407.00682)) +- **SAE J1939 Attacks** - Exploits on heavy-vehicle transport layer protocol. ([arXiv](https://arxiv.org/abs/2406.00810)) + +#### Real-World Exploits + +- **Kia License Plate API Bug** - Remote control via backend endpoint. - [link](https://samcurry.net/hacking-kia) +- **Škoda Mobile App Vulnerability** - Weak backend auth led to data & location leaks. - [link](https://blog.vensis.pl/2019/11/vw-hacking/) +- **Nissan Leaf VIN Bug** - Climate and trip data control via known VINs. - [link](https://www.troyhunt.com/controlling-vehicle-features-of-nissan/) +- **Pwn2Own Automotive** + - Alpine & Sony IVI RCE + - Tesla EV Charger Remote Exploit - [link](https://www.synacktiv.com/en/publications/exploiting-the-tesla-wall-connector-from-its-charge-port-connector) + +#### New Tools and Repos + +- [jaredthecoder/awesome-vehicle-security](https://github.com/jaredthecoder/awesome-vehicle-security) +- [wtsxDev/Vehicle-Security](https://github.com/wtsxDev/Vehicle-Security) +- [souravbaghz/Carpunk](https://github.com/souravbaghz/Carpunk) +- [I-CAN-hack/pq-flasher](https://github.com/I-CAN-hack/pq-flasher) + +#### Conference & Community Highlights + +- [Car Hacking Village](https://www.carhackingvillage.com/) +- [ASRG](https://asrg.io) +- [Auto-ISAC](https://automotiveisac.com/) + +#### Recommendations + +- Watch: DEF CON Car Hacking Village & Pwn2Own Automotive. +- Read: UWBAD, J1939, backend abuse papers. +- Use: CANalyzat0r, Carpunk, CANalyse2.0. +- Follow: GitHub repos by jaredthecoder, wtsxDev. +- Harden: API auth, VIN exposure, OTA process, UWB signal filtering. + +---