Car as testbed for cybersecurity research


I’ve some experience on CAN bus reversing on instrument clusters and on a Suzuki Swift (year 2008). Now, I’d like to buy a new car with the goal to make cybersecurity research on it. However, I’d like to have some suggestions from you on which car model to buy with maximum cost of 25k €.

So which car model you suggest and which you will avoid… :slight_smile:



My best recommendation would be to find a vehicle 2016 or newer that has at least some autonomous systems - lane keeping, self parking, pedestrian avoidance, etc. These areas are the hot research zones right now so if you’re buying a car be sure to get as new of a car as you can for the money. But, try to get as many autonomous features as possible even if that means a year or two older.


I’d also suggest quite a new car and for 25 k€ you can buy a totally new one or a bit used but one that used to be more expensive. There are many autonomous systems nowadays and it could be smart to go to a few places to see the features of the new cars. You could ask the staff there for information on the automation of the cars and find out which car has the most features for your needs. After all it is such a hot trend nowadays that the staff should be quite aware of these new features. Mercedes Benz uses to have a ton of features on their cars but they aren’t too cheap. Also when it comes to cybersecurity it may not be of use to have money wasted on features unrelated to it. I suggest you go around looking at different models and finding out what kind of features they have because they tend to change a lot. I am not too familiar with the difference between different manufacturers but I guess a Volkswagen could be a good idea. I think they have some models below 25k line with some autonomous features.


Thanks for your suggestions.
Yes, actually I’m oriented to by a car with more autonomous systems as possibile seen that cap of money. What I would choose is a car that may be more “vulnerable”, for instance having the infotainment system connected to the CAN bus of the vehicle. As far as I know and tried with VW, for instance, using the OBD2 the gateway filters a lot of requests and answers only if queried with known CAN IDs and payloads.

What do you think about Jeep or Toyota models?


Jeep may not be the best target considering they were the victim of the most prolific security event for vehicle security. If you’re aiming for low-hanging fruit, they are (hopefully) more experienced than other OEMs.