Over the last decades different cyber-attacks related to the automotive industry have been reported, and as the automotive industry is a very large concept, the number of attack vectors to it are quite many. For example, attacks to infrastructure-related systems have been reported, like the Colonial Pipeline ransomware attack, which had unproportionable societal impact affecting the automotive (and other) industries. Another example is when a mobile parking app was hacked, which had less societal impact, but were not so pleasant for the individuals involved. Further, attacks directed directly to the vehicle are of no news for most of us and has frequently been reported too. For example, manipulating a vehicle by attacking its CAN-bus.
The Controller Area Network (CAN-bus) is a standard in-vehicle network developed by Bosch in the 1980’s, allowing the large number of the vehicles’ electronic control units (ECUs) to communicate with each other’s applications without a host computer. Unfortunately, the CAN-bus do not support proper security mechanisms, which is a dangerous omission in the age of connected and self-driving cars. Attackers have showed accessing the CAN network either directly through physical access to the bus, the diagnostic port (OBD-II) or by first compromising another connected component such as the Infotainment system, and hence been able to inject malicious CAN frames into the bus and/or disrupt delivery of legitimate vital CAN frames, affecting the vehicle. Some notable examples of this are, e.g., what Koscher et al. demonstrated 2010 in a number of attacks that exploited this weakness. The attacks included spoofing attacks to impersonate selected ECUs and manipulate certain vehicle functions such as lights, degrade vehicle functionality via undocumented commands, and denial of service by flooding the bus. In 2013 the mavericks Miller and Valasek compromised the CAN-bus of a vehicle and manipulated the brakes of the vehicle. The attack was achieved through a cord-connected computer to the OBD-II port , . Later in 2015, Miller and Valasek demonstrated how they remotely sent CAN packets to a Jeep Cherokee and disabled the vehicle’ braking system and turned off the vehicle while driving on the highway . Based on all this, Lokman  et al concluded that “…most modern automobile systems have been designed with safety, and not security in mind…”.
So how hard is it then to perform cyberattacks directed to the automotive industry? Well, some of them might be more complicated and comprehensive than others, but for sure: Everything is easy when you know it. Why not give it a try yourself? Here is a tutorial posted by an Indian hacker, Suman Mondal. The guide will show you how to unlock, start, and control vehicles. And it includes a simulator too, with a tutorial and explanations on how a simulation environment can be set up so that you can use some of this knowledge to analyze and hack a simulated vehicle. Good luck!
Address to tutorial: www.onlinehacking.xyz/ (As always, stay alert and be cautious of what you download. After all, the website is run by a hacker which color of the hat is not clear.)
 A. Greenberg, “Hackers Reveal Nasty New Car Attacks-With Me Behind The Wheel (Video),” Forbes, 2013, [Online]. Available: https://www.forbes.com/sites/andygreenberg/2013/07/24/hackers-reveal-nasty-new-car-attacks-with-me-behind-the-wheel-video/?sh=680598eb228c.
 A. Greenberg, “The Jeep Hackers Are Back to Prove Car Hacking Can Get Much Worse,” Wired, 2016. https://www.wired.com/2016/08/jeep-hackers-return-high-speed-steering-acceleration-hacks/.
 S.F. Lokman, A. T. Othman, and M.-H. Abu-Bakar, “Intrusion detection system for automotive Controller Area Network (CAN) bus system: a review,” EURASIP J. Wirel. Commun. Netw., vol. 2019, no. 1, p. 184, 2019, doi: 10.1186/s13638-019-1484-3.
Written by Joakim Rosell