Site Information

 Loading... Please wait...


OBD-II and the Hacking of Automotive CAN Bus Networks

Posted by Wilfried Voss on

Hacking of Automotive CAN Bus Networks

Let me clarify: this is not a guide to hacking automotive networks. Instead, I attempt to dismiss some common misconceptions about OBD-II and its supposed ability to control a vehicle (Spoiler alert: It cannot). As someone who has spent considerable time studying and working with CAN Bus technologies, I think it is time to set the record straight.

When I first contemplated writing this post, I was tempted to title it 'And nobody understands OBD-II.' I was once part of that group of unknowing buffs, and I chose to remain ignorant to avoid a fiercely competitive and over-saturated market. However, the flood of inquiries I received, ranging from the crazy to the interesting, prompted me to reconsider. The common perception was that they had to connect to the onboard OBD-II port, monitor, and analyze CAN Bus data traffic, and insert the control commands according to the envisioned application.

It became clear that many were unaware of the wealth of documentation available on OBD-II, a fact that I found both surprising and, I admit, slightly amusing. After all, most of their questions could have been answered by a simple read through the appropriate documentation, saving us valuable time and effort.

What is OBD?

Let's get to the point: OBD-II, which stands for On-Board Diagnostic Version 2, is a standardized system that allows external electronics to interface with a car’s computer system. It's not about control but about diagnosis. As vehicles have become increasingly computerized, OBD-II has become more critical, with software playing a pivotal role in fixing many problems and unlocking performance.

The point is that OBD is On-Board Diagnostic, not On-Board Control. OBD provides data that reports engine performance and status. Inserting data into the OBD port does not impact any vehicle functionality.

Investigating a Vehicle CAN Bus

The question arises: with OBD-II unsuitable for hacking, where does vehicle control occur? The simple, widely overseen fact is that vehicles have multiple (at minimum two) CAN Bus networks, one for OBD-II, the other(s) for various control functions. The tricky part is to identify the network(s) and find access points.

If you try to get information on how many networks a vehicle uses and what control functions it includes, you will run into a roadblock. That information is highly proprietary and changes from manufacturer to manufacturer and even from one vehicle series to the other.

The Car Hacker's Handbook: A Guide for the Penetration Tester

Modern cars are becoming increasingly computerized with infotainment and navigation systems, Wi-Fi, and automatic software updates. These innovations aim to make driving more convenient for drivers. However, it is alarming that vehicle technologies have not kept pace with the current hostile security environment, leaving millions of drivers vulnerable to attacks.

To address this issue, The Car Hacker’s Handbook provides a comprehensive guide to understanding modern vehicles' computer systems and embedded software. The handbook provides an overview of vulnerabilities in the vehicle's communication network and detailed explanations of communications via the CAN bus and between devices and systems.

Once you have a good understanding of a vehicle’s communication network, the handbook will teach you how to intercept data and perform specific hacks such as tracking vehicles, unlocking doors, glitching engines, flooding communication, and much more. The Car Hacker's Handbook is an essential guide that equips drivers with the technical knowledge to defend against any potential cyber-attacks. More Information...

The Hacking Aspect

For argument’s sake, if you plan to carry out a malicious attack on a vehicle's anti-block system or brakes, you need to be aware of the potential legal consequences and the amount of effort and time it may take to collect and apply the necessary data. Additionally, you would require physical access to the targeted vehicle, which should not be taken lightly. It is crucial to note that attempting such attacks is both illegal and dangerous, and doing so can result in severe consequences.

The main point is that despite the possibility of hacking, it is not a practical or useful activity. Simply put, it is a waste of time, although this argument may not dissuade some people. The only potential use I would consider is to test the network's resilience by attempting to crash it and then report the results to the manufacturer and public. I strongly believe that CAN Bus networks can be easily disrupted and rendered inoperable.

However, with passenger vehicles having experienced a massive increase in connectivity, hackers are more likely to exploit vulnerabilities in wireless networking, Bluetooth, and GSM to affect connected cars' confidentiality, integrity, and availability. This will allow non-physical, i.e., remote access.

Hacking Connected Cars

Field manual on contextualizing cyber threats, vulnerabilities, and risks to connected cars through penetration testing and risk assessment.

Hacking Connected Cars deconstructs the tactics, techniques, and procedures (TTPs) used to hack into connected cars and autonomous vehicles to help you identify and mitigate vulnerabilities affecting cyber-physical vehicles. 

Written by a veteran of risk management and penetration testing of IoT devices and connected cars, this book provides a detailed account of how to perform penetration testing, threat modeling, and risk assessments of telematics control units and infotainment systems.

This book demonstrates how vulnerabilities in wireless networking, Bluetooth, and GSM can be exploited to affect confidentiality, integrity, and availability of connected cars.  More Information...

The Liability Aspect

For obvious reasons, vehicle manufacturers would prefer that you do not pamper with their vehicle control functions. As I mentioned previously, you need to be aware of the potential legal consequences when your access causes damage to the vehicle or drivers and passengers. However, that does not mean that these manufacturers designed their networks to the highest safety standards.

I found an article where the hacker explained how to disconnect the sway bar on a 2010 Jeep Wrangler (AKA Jeep JK) Rubicon 2DR by accessing the CAN Bus. A sway bar, also known as an anti-sway bar or anti-roll bar, is a component of some vehicles’ suspensions. Its purpose is to reduce roll and sway during cornering and other maneuvers. While researching the sway bar function, I also found a video by Jeep referring to the sway bar. They also posted a warning message: “Do not disconnect the sway bar and drive on hard-surfaced roads or at speeds above 18 mph (29 km/h), or you could lose control of the vehicle, which can result in serious injury.”

Source:  Electronic Front Sway Bar Disconnect | How To | 2020 Jeep Wrangler...

Regarding your OBD-II Application

I always emphasize that professional engineering begins with conducting thorough research, which involves extensive reading. Though the process may seem tedious and time-consuming, there are no shortcuts. If you have a groundbreaking idea involving vehicle networks, take your time to investigate the technology carefully.

See also my post  Know OBD2 Before You Start That Development Project...

More Resources


This post is based solely on publicly available information and logical deduction. I have not disclosed any confidential or proprietary data. However, errors are always possible. Therefore, if you have any additional information or wish to demonstrate that I am mistaken, please do not hesitate to contact us through our " Contact Us" page.

Teensy 4.0 OBDII CAN-Bus ECU Simulator Includes Teensy 4.0

Teensy 4.0 OBDII CAN-Bus ECU Simulator Includes Teensy 4.0

This is a CAN-Bus OBDII ECU simulator using the Teensy 4.0 module (included). Useful for testing OBDII interface and writing diagnostic software. ECU PIDs parameters are adjustable via potentiometers. Most programs written for Arduino work on Teensy. All of the standard Arduino functions (digitalWrite, pinMode, analogRead, etc) all work on Teensy. Teensy has the same built-in peripherals as the Arduino: analog inputs, SPI, I2C, PWM, and a real serial port. This board requires a 12 VDC power supply. A 12 VDC adapter is included.  More Information...

Bluetooth OBD2 Scanner and Code Reader for iPhone & Android

EASY-TO-USE OBD2 APP & CAR CODE READER - The FIXD car scanner and OBD app instantly translates 7000+ engine fault codes into plain English on your phone. Wireless Bluetooth connection. Set up in minutes. No car knowledge needed. FIND OUT WHAT’S WRONG WITH YOUR CAR - Even beginners can use the FIXD OBD2 scanner and app [...]

Read More »

Dual CAN PCIe Card for Industrial, Automotive Applications

Cervoz Technology, a supplier of embedded components for the industrial PC market, has extended its industrial modular expansion cards line with the MEC-CAN-2802i, which provides two isolated CAN CC (Classical CAN) interfaces. The expansion card delivers a cost-effective solution for integrating CAN CC ports into embedded computer systems, especially in hostile environments. The board incorporates an M.2 [...]

Read More »

Automotive Development Module has CAN FD, LIN, Ethernet Port

Renesas has launched a software development board featuring the R-Car S4 System-on-Chip (SoC). The scope of delivery includes the Whitebox SDK open-source software. The R-Car S4 facilitates the launch of Car Server/CoGW with high performance, high-speed networking, high security, and high functional safety levels required as E/E architectures grow into domains and zones. The R-Car S4 solution [...]

Read More »

Know OBD2 Before You Start That Development Project

We at Copperhill Technologies offer a variety of CAN (Controller Area Network) devices for developing automotive and industrial embedded systems. In that capacity, we receive frequent inquiries regarding OBD2 (Onboard Diagnostics).  OBD2, or Onboard Diagnostics Second Generation, is a vehicle diagnosis system found in modern cars and trucks. The OBD2 system collects data from sensors and [...]

Read More »

Automotive Power Management IC with LIN and CAN-FD Interfaces

The SPSB081 by STMicroelectronics is a power management chip providing electronic control units (ECU) with power management functionality. It supports CAN FD and, optionally, comes with LIN transceivers. The SPSB081 operates at various standby modes with programmable local and remote wake-up capabilities to minimize power consumption. The chip has a low-drop voltage regulator to supply the host microcontroller [...]

Read More »

Free-of-Charge OBD-II Viewer Windows Software and Application Programming Interface (API)

PEAK Systems has announced the revised version 1.2 of its free-of-charge Windows software PCAN-OBD-2, an OBD-II Viewer based on their OBD-2-API (Application Programming Interface). The software allows engineers to develop applications based on the OBD-II (Onboard Diagnostics) communication standard. The Windows software and the API work with all PEAK Systems CAN Bus interfaces. OBD-II is a standard specifying [...]

Read More »

System-On-Module (SOM) Dedicated To Commercial Vehicles Supports Two CAN FD Interfaces

Microsys Electronics announced its Miriac MPX‑LX2160A, a System-On-Module (SOM) dedicated to commercial vehicles and mobile systems. The module supports two CAN FD interfaces.The module is based on the NXP LX2160A processor and offers 16 Arm Cortex-A72 cores, which are twice as many as its predecessors. The configuration meets the requirements of (artificial intelligence) edge server applications, autonomous [...]

Read More »

Edge AI Platform Supporting Eight GMSL Automotive Cameras, 10G Ethernet, Isolated CAN Bus Port

The NRU-110V computer system by NEOUSYS Technology (Taiwan) supports eight automotive cameras, 10G Ethernet, and one isolated CAN Bus (Classical CAN) interface for in-vehicle communication. The device integrates the NVIDIA Jetson AGX Xavier SOM (System-On-Module), including the Volta GPU (Graphics Processing Unit) and the Carmel CPU. Using the 10G Ethernet interface, the computer acts as a camera sensor hub [...]

Read More »

Gateway Device Controls LIN Bus Via USB, Simulates LIN Master Or LIN Slave Nodes

Lipowski Industrie-Elektronik (Germany), a member of the LIN-Consortium, offers its Baby-LIN-II gateway. The Baby-LIN-II represents a small but powerful system to control a LIN bus via USB and simulate LIN master or LIN slave nodes. The galvanically isolated LIN interface avoids problems in harsh environments.The device also supports stand-alone operation without a PC. A durability [...]

Read More »