Security by obscurity isn't really security at all, but it is often the type of “security” available in vehicles since the majority of security researchers and hackers have no access to connected car systems and no understanding of how they work. That’s about to change; last week at the Black Hat Asia security conference in Singapore, former Tesla intern and embedded systems developer
Eric Evenchick released an open source toolkit that was designed to work with the Controller Area Network (CAN) bus that controls many functions in connected cars.
“Every new car has multiple CAN buses that let controllers communicate. This bus controls everything from the camshaft on your engine to your power seats,” Evenchick explained before presenting "
Hopping on the CAN Bus." After his talk, he opened-sourced the Python-based
CANard; it supports his
CANtact tool, an inexpensive device about the size of a credit card that can help researchers find security vulnerabilities in CAN systems.
