An embedded systems developer and former Tesla intern has released an open source CANard software and CANard hardware designs to help anyone to hack their connected cars using this car hacking device. Eric Evenchick has released this Python-based toolkit to work with the CAN (Controller Area Network) which is responsible for a number of functions in the connected cars. You can look for the source code link and device design later in the article.
“Every new car has multiple CAN buses that let controllers communicate. This bus controls everything from the camshaft on your engine to your power seats.”
During his talk, he released Python based car hacking device CANard that supports CANtact tool. CANtact tool is a cheap and credit card sized device which can help researchers to find vulnerabilities in CAN buses.
Get your own Ethical Hacking Bundle here.
This car hacking device – CANtact tool – works with Mac, Linux or Windows using USB and then plugged to a CAN-enabled car using an OBD-II cable. CANtact tool is cheap and hackers and enthusiasts can buy it for just $59.95. Also, of you wish to make your own, you can get the hardware design files and source code on GitHub.
Evenchick told Forbes in an email:
“I want to make this easy. Python developers can get the code in one line … and start working with it. It’s also built as a library rather than just a collection of scripts. The plan is to build more functionality out around it, and contribute that back into an open source tool.”
The security researchers don’t want to hack cars for destructive purposes. Instead, they are the tech enthusiasts who aren’t allowed by the car companies to perform security tests and buying and testing vehicle for research isn’t an easy task. The current car manufacturers aren’t aware of the risks involved and they are waiting for some disaster to happen and change the way car giants look at this issue. This $60 car hacking device could be used as a security testing tool and look for the vulnerabilities.
“Making diagnostics available for cheap means that we can not only audit the security of these systems, but also use them for their intended purpose: fixing cars.”
During his talk, using this car hacking device, he demonstrated many vulnerabilities like crack diagnostic security, reading and clearing fault codes and fuzz controllers for taking over car’s operation. It also included CAN bus DoS attacks and injection.
Eric Evenchick said that this code and car hacking device has the potential to become a powerful tool in finding flaws and vulnerabilities in the longer run. Watch the complete video presentation of Eric Evenchick here.