WILEY Hacking Connected Cars: Tactics, Techniques, and Procedures

- She claims to be an automotive security professional and does not even know what an automotive HSM is? No wonder she doesn't trust in symmetric crypto.- Hacking Connected Cars - without V2X, OTA or APNs?- About Hacking the Headunit or the TCU you learn not much more than installing a couple of tools like Kismet or the Airmon-Suite. If you're interested in these topics you probably know already more than presented here.- Every report available on the internet about hacking IVIs or Connected Cars e. g. from Keen Labs provides by far more insight.- The communication buses like CAN, Flexray or automotive Ethernet are not even scratched on the surface.- Firewalls are not covered.- About Pen-Testing, she doesn't explain when in the product development cycle to execute. She doesn't explain White-/Grey-/Blackbox-Pentests or Red-Teams.- The material presented on the web-page is not worth downloading.- In the second part she tries to present Information on "Risk Management". The UNECE WP.29 ist not mentioned. The ISO 21434 is covered in total on 1 page. Reminder: the book is from 2020.- In chapter 8 she explains risk management frameworks. The section on EVITA ends with wrong numbers. She simply copied the actual numbers and the footnotes were accidentally converted into real numbers. This makes the evaluation completely wrong. Then she stops and does not explain how to calculate the attack potential out of the different parts. The overall risk-calculation is also missing.- In the beginning she mentions that the different frameworks have advantages & disadvantages. But she never get's back to this.

A Good Book for understanding the basics of Security and Security Architecture of Cars.Great to understand the basics of the Security. Setting up your own security lab for performing and learning security.I would say "A must have for Automotive Engineers and Security Learners "

Amazing book, few books achieve the balance between theory and practical examples, this one does it very well !!! It has a lot of technical and practical content without being complicated.

I work as an automotive cyber security engineer for a major OEM defending connected vehicles. I recommend "Hacking Connected Cars" to automotive Red/Blue team members and to those looking to get into the industry. This book highlights the main steps to performing a pen test for connected ECUs. Connected Vehicles are just now entering the spotlight, and this book will become even more relevant over the next few years. Some of the topics I found interesting and am anxious to try out are: 1) Creating a Rogue BTS (Base Transceiver Station) (p. 108) for intercepting cell traffic to the vehicle (***within the legal limits specified on p.112***) 2) Performing an Evil Twin Attack on the In-Vehicle Wifi Network (p.91) 3) Using BtleJuice to MITM the Vehicle Bluetooth interface (p.102)Also very relevant to me were the sections on threat modeling, threat analysis, and how to communicate risk appropriately to an OEM. I do threat modeling regularly at my job and this book expanded my knowledge base on it.All in all, this was an excellent book that disseminates Alissa Knight's 10+ years of expertise in pen testing connected vehicles. I will definitely recommend it to the team that I work with.

If you are in tech and want to understand connected cars, the introduction here is REQUIRED READING. It is an amazing overview and easy to understand. No one understands hacking and security like Alissa Knight. The chapters after the intro are well laid out and well written. However, they are deeper than my technical understanding can handle. If you are a techie, you will likely love it. Lots of clear How To Do It tips. Plus there are web downloads for checklists and how to's. I have already dog-eared the intro as I refer back to it frequently.