Alissa Knight - Hacking Connected Cars: Tactics, Techniques, and Procedures

1. Chapter 1
2. Chapter 2
3. Chapter 3
4. Chapter 4
5. Chapter 8

1. Chapter 1
2. Chapter 2
3. Chapter 3
4. Chapter 4
5. Chapter 5
6. Chapter 6
7. Chapter 7
8. Chapter 8
9. Chapter 9
10. Chapter 10

Alissa Knight

Copyright 2020 by John Wiley & Sons, Inc., Indianapolis, Indiana

Published simultaneously in Canada

ISBN: 978-1-119-49180-4

ISBN: 978-1-119-49178-1 (ebk)

ISBN: 978-1-119-49173-6 (ebk)

No part of this publication may be reproduced, stored in a retrieval system or transmitted in any form or by any means, electronic, mechanical, photocopying, recording, scanning or otherwise, except as permitted under Sections 107 or 108 of the 1976 United States Copyright Act, without either the prior written permission of the Publisher, or authorization through payment of the appropriate per-copy fee to the Copyright Clearance Center, 222 Rosewood Drive, Danvers, MA 01923, (978) 750-8400, fax (978) 646-8600. Requests to the Publisher for permission should be addressed to the Permissions Department, John Wiley & Sons, Inc., 111 River Street, Hoboken, NJ 07030, (201) 748-6011, fax (201) 748-6008, or online at http://www.wiley.com/go/permissions.

Limit of Liability/Disclaimer of Warranty: The publisher and the author make no representations or warranties with respect to the accuracy or completeness of the contents of this work and specifically disclaim all warranties, including without limitation warranties of fitness for a particular purpose. No warranty may be created or extended by sales or promotional materials. The advice and strategies contained herein may not be suitable for every situation. This work is sold with the understanding that the publisher is not engaged in rendering legal, accounting, or other professional services. If professional assistance is required, the services of a competent professional person should be sought. Neither the publisher nor the author shall be liable for damages arising herefrom. The fact that an organization or Web site is referred to in this work as a citation and/or a potential source of further information does not mean that the author or the publisher endorses the information the organization or website may provide or recommendations it may make. Further, readers should be aware that Internet websites listed in this work may have changed or disappeared between when this work was written and when it is read.

For general information on our other products and services please contact our Customer Care Department within the United States at (877) 762-2974, outside the United States at (317) 572-3993 or fax (317) 572-4002.

Wiley publishes in a variety of print and electronic formats and by print-on-demand. Some material included with standard print versions of this book may not be included in e-books or in print-on-demand. If this book refers to media such as a CD or DVD that is not included in the version you purchased, you may download this material at http://booksupport.wiley.com. For more information about Wiley products, visit www.wiley.com.

Library of Congress Control Number: 2018965255

Trademarks: Wiley and the Wiley logo are trademarks or registered trademarks of John Wiley & Sons, Inc. and/or its affiliates, in the United States and other countries, and may not be used without written permission. All other trademarks are the property of their respective owners. John Wiley & Sons, Inc. is not associated with any product or vendor mentioned in this book.

Alissa Knight has worked in cybersecurity for more than 20 years. For the past ten years, she has focused her vulnerability research into hacking connected cars, embedded systems, and IoT devices for clients in the United States, Middle East, Europe, and Asia. She continues to work with some of the worlds largest automobile manufacturers and OEMs on building more secure connected cars.

Alissa is the Group CEO of Brier & Thorn and is also the managing partner at Knight Ink, where she blends hacking with content creation of written and visual content for challenger brands and market leaders in cybersecurity. As a serial entrepreneur, Alissa was the CEO of Applied Watch and Netstream, companies she sold in M&A transactions to publicly traded companies in international markets.

Her passion professionally is meeting and learning from extraordinary leaders around the world and sharing her views on the disruptive forces reshaping global markets. Alissas long-term goal is to help as many organizations as possible develop and execute on their strategic plans and focus on their areas of increased risk, bridging silos to effectively manage risk across organizational boundaries, and enable them to pursue intelligent risk taking as a means to long-term value creation. You can learn more about Alissa on her homepage at http://www.alissaknight.com, connect with her on LinkedIn, or follow her on Twitter @alissaknight.

I want to thank the many people in my life whove come and gone and those whove helped me along the way in better understanding such an arcane area of vulnerability research. In many ways, my work with them contributed to much of the knowledge that has become this book. Particularly, Id like to thank Robert Leale, The Crazy Danish Hacker, Decker, Solomon Thuo, Dr. Karsten Nohl (cryptography expert), Ian Tabor, Graham Ruxton, and everyone else along the way who taught me through my journey and supported me through the countless days and nights writing this book.

Id also like to pay my respects to my father who never got to publish his own book, Sojourn, who died much too young but lived a life much fuller than those whove lived a hundred years.

Id also like to thank my son, Daniel, who has always been my inspiration and the reason I wake up each and every morning, and who will always be my greatest achievement. My sister and my mom, the strongest women I know but who also know how to love without restraint. My best friend, Emily, who taught me how to truly live and be my best self and Carolina Ruiz, my business partner and friend.

And finally, Id like to thank the love of my life, my best friend, wife, and biggest fan, Melissa - I could conquer the world with just one hand as long as you are holding the other.

Automotive cybersecurity is perhaps the most unique and challenging security problem humankind has ever faced. We have thousand-pound machines traveling at high rates of speed, carrying human lives and critical cargo, surrounded by other identical machines now becoming fully connected, automated, and even communicating with their surroundings. With a broad spectrum of new technologies entering into the automotive space to facilitate these new capabilities and features, the average vehicle can require 10100+ million lines of code and need to manage multiple protocols. With the ever-growing complexity of vehicles, it's easy to imagine how many potential security flaws could exist in any given vehicle.