Sunday, May 25, 2025
Homecyber securityHackCar - Attack AND Defense Playground For Automotive System

HackCar – Attack AND Defense Playground For Automotive System

Published on

SIEM as a Service

Follow Us on Google News

Modern cars have microcontrollers that use the Controller Area Network (CAN) to perform safety and luxury functions. 

However, vehicle hijacking can occur through message injection attacks because the CAN network lacks the security of drive-by-wire systems such as speed control, consequently posing a risk to life. 

Despite the efforts of researchers to propose solutions like intrusion detection, encryption, and authentication to enhance CAN’s security features, many previous works have not taken into account practical constraints in auto-making.

- Advertisement - Google News

Free Webinar on Live API Attack Simulation: Book Your Seat | Start protecting your APIs from hackers

The following cybersecurity analysts present HackCar, a cost-effective and fully configurable test platform for evaluating attacks and defenses on automotive architectures:-

  • Dario Stabili
  • Filip Valgimigli
  • Edoardo Torrini
  • Mirco Marchetti

However, there are difficulties for several investigators who want to access actual automobile platforms when analyzing security risks in existing car systems due to investment barriers.

HackCar : Attack AND Defense Playground

HackCar is built on a stripped F1-10th model, HackCar replicates in-vehicle networks and allows implementing real-world scenarios like compromising an autonomous forward-collision avoidance system. 

By open-sourcing HackCar’s specifications, designs, and prototype boards, it enable researchers to replicate and expand on this secure, safe, and budget-friendly platform for comprehensively testing vehicle system security without prohibitive investments. 

Researchers’ main contribution is facilitating crucial automotive cybersecurity research previously restricted by access limitations.

HackCar comprises the following main components:-

  • The sensing system for obstacle detection (LiDAR or stereo cameras)
  • Multiple on-board controllers for sensor data analysis (Sensing System Controller)
  • Actuator management (Main Controller Unit)
  • Attack replication (Attack Controller)
  • Anomaly detection (Detection Controller)
  • An in-vehicle CAN network facilitating communication among controllers using standardized data frames

This architecture replicates a real vehicle’s operational scenarios like autonomous and manual emergency braking while enabling security evaluation through attack implementation and defensive monitoring across the integrated sensing, computational, and network layers.

Overview of the HackCar test platform(Source – Arxiv)

The threat model considers an attacker with in-vehicle network access able to inject malicious CAN messages but not compromise existing ECUs. 

Researchers experimentally evaluate an attack subverting the autonomous emergency braking system by having the Attack Controller intercept and overwrite RPM messages, preventing the platform from stopping. 

Validation involves analyzing CAN bus utilization compared to a reference vehicle, focusing on frequent drive-by-wire related messages, and scrutinizing attack consequences observed in CAN communication. 

Results confirm that HackCar replicates realistic attack behaviors impacting the autonomous driving functionality.

Researchers presented HackCar, a configurable test platform for prototyping attacks and defenses on automotive systems. 

Implemented using an F1-10th model with multiple automotive-grade microcontrollers, HackCar replicates sensing systems for ADAS features, a main controller for autonomous driving, an attacker component for injecting malicious messages on the in-vehicle network, and a detection system to evaluate defensive solutions. 

Validation tests confirm HackCar accurately models realistic vehicle behavior while enabling security research by demonstrating attack consequences in a controlled, cost-effective environment without requiring full vehicle access. 

HackCar facilitates crucial automotive cybersecurity studies that were previously challenging due to platform limitations.

Is Your Network Under Attack? - Read CISO’s Guide to Avoiding the Next Breach - Download Free Guide

Tushar Subhra
Tushar Subhra
Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Latest articles

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...

Hackers Target macOS Users with Fake Ledger Apps to Deploy Malware

Hackers are increasingly targeting macOS users with malicious clones of Ledger Live, the popular...

Resilience at Scale

Why Application Security is Non-Negotiable

The resilience of your digital infrastructure directly impacts your ability to scale. And yet, application security remains a critical weak link for most organizations.

Application Security is no longer just a defensive play—it’s the cornerstone of cyber resilience and sustainable growth. In this webinar, Karthik Krishnamoorthy (CTO of Indusface) and Phani Deepak Akella (VP of Marketing – Indusface), will share how AI-powered application security can help organizations build resilience by

Discussion points


Protecting at internet scale using AI and behavioral-based DDoS & bot mitigation.
Autonomously discovering external assets and remediating vulnerabilities within 72 hours, enabling secure, confident scaling.
Ensuring 100% application availability through platforms architected for failure resilience.
Eliminating silos with real-time correlation between attack surface and active threats for rapid, accurate mitigation

More like this

Zero-Trust Policy Bypass Enables Exploitation of Vulnerabilities and Manipulation of NHI Secrets

A new project has exposed a critical attack vector that exploits protocol vulnerabilities to...

Threat Actor Sells Burger King Backup System RCE Vulnerability for $4,000

A threat actor known as #LongNight has reportedly put up for sale remote code...

Chinese Nexus Hackers Exploit Ivanti Endpoint Manager Mobile Vulnerability

Ivanti disclosed two critical vulnerabilities, identified as CVE-2025-4427 and CVE-2025-4428, affecting Ivanti Endpoint Manager...