I introduce a Python-based device for sending and receiving CAN messages through the OBDII port and for getting live GPS coordinates from a moving vehicle. All the CAN and GPS data is exfiltrated to the cloud so the car can be monitored remotely via a web browser. This write-up is about my personal experience with car hacking using open source software and hardware: python-can/Flask and BeagleBone® Blue.

ChupaCarBrah spy device

I created a separate step-by-step tutorial on how to build the spy device, a.k.a. ChupaCarBrah, that I will be using for this article. I also share all the code for the python-can client that runs on the device and the server-side Flask application that runs on AWS. This first version of the spy device is capable of tracking vehicle location and monitoring CAN data (e.g. engine RPM, air temperature, VIN, etc.). All data is exfiltrated via a cellular LTE modem added to the BeagleBone. JSON format is used to send the data to the Flask application on AWS. As the vehicle moves, the JSON data on the cloud gets updated live, allowing you to monitor your vehicle completely remotely. …


When deploying defense in depth security controls for your organization, you are likely to include antiviruses as part of the solution. That is definitely a good practice, as long as we keep in mind that antiviruses just add an extra layer of protection and that we should never depend solely on them for protecting end-user devices.

A good security program should always include defense in depth controls such as software update governance, firewalls, training/security awareness, physical security, identity management, password policy, etc. …


Marcelo Sacchetin

Application Security Engineer
