Cars communicate internally using the Controller Area Network (CAN) Bus. It is a broadcast network. If the Engine says "RPM is 3000", everyone (Dashboard, Brakes, Radio) hears it. It has NO Authentication. Crucial vulnerability.
The Attack
1. Plug a device (CANtact or Macchina M2) into the OBD2 port (usually under the steering wheel).
2. Sniff traffic with `candump`.
3. You see ID `0x20` changing when you unlock doors.
4. Replay that ID with `cansend`. The doors unlock.
Danger: In some cars, you can inject messages to disable brakes or turn the steering wheel (if Park Assist is active).
1. Remote Jeep Hack (2015)
Charlie Miller and Chris Valasek hacked a Jeep Cherokee remotely over the Sprint cellular network.
They compromised the Infotainment System (Radio).
From the Radio, they sent CAN messages to the Brakes and Steering, ditching the car while a journalist was driving it.
This led to the recall of 1.4 million vehicles.
2. Defense
Car manufacturers are now implementing "Secure Gateways" that block OBD2 write access without cryptographic authorization.
Ethernet is also replacing CAN for high-bandwidth components, adding more complexity (and TCP/IP security).