‘Most car hackers are great people’

January 28, 2026

UM-Dearborn alum Kamel Ghali talks about how he became a "benevolent" car hacker, the evolving world of automotive cybersecurity, and how the once niche field could be a template for adapting to a broad range of threats.

A young man explains something on a laptop while university students crowd around to look at the screen
Kamel Ghali teaches university students in Thailand how to reverse engineer messages from a vehicle electronic control unit in 2024. This activity was part of a class he teaches on car hacking and automotive cybersecurity. Photo courtesy Kamel Ghali

2018 graduate Kamel Ghali entered college thinking he wanted to be a doctor. Because of his particular interest in medical robotics, he chose computer engineering as his pre-med track. One day, during his junior year, though, his plan hit a surprise detour. He was attending a presentation from Electrical and Computer Engineering Professor Paul Richardson about some recent changes to the program. Ghali says he mostly showed up for the free pizza. But during the Q&A, one of his fellow students asked a question and referenced his recent internship with a Japanese automotive cybersecurity startup. Ghali loved Japanese culture. He was even minoring in Japanese. So after the event, he tracked down the student and chatted him up.

Ghali says his initial interest was simply trying to figure out his own path to Japan. But as they talked, Ghali started getting pretty interested in what that student did during his internship. The company specialized in “car hacking,” a practice that involves probing vehicles’ electronic systems for vulnerabilities in order to create systems that protect cars against cyberattacks. “He explained the concept to me, and I just thought it was so cool,” Ghali says. “Today, the idea of hacking a car is a little more in the public consciousness. But in 2017, it was, like, what are you talking about?” Indeed, this was just two years after the publication of the famous WIRED article detailing how researchers killed the engine of a Jeep Cherokee while it was traveling on the highway — a  moment that Ghali says essentially launched the modern automotive cybersecurity industry. 

Ghali decided to reach out to the start-up and landed an internship of his own, which then led to a post-graduation position. That first job didn’t involve actual car hacking. Ghali says his technical skills in that area were still a bit primitive. Instead, he worked on the company’s sales side, where he leveraged his technical background to help translate information from the company's engineering team to potential clients. In his free time, though, he was essentially pursuing a DIY program in automotive cybersecurity. Ghali says even today, a lot — if not most — of the education in the car hacking realm happens informally, with people who have an interest in this subject getting help from mentors or nonprofits like Car Hacking Village. After developing his skills, he was able to find a job as a vehicle vulnerability researcher, where he did cybersecurity penetration testing for vehicle components. “It’s an interesting field because you don’t always have to have a traditional set of credentials,” Ghali says. “If you can do the thing, somebody is going to give you a job. So there are many different ways to get your foot in the door in this industry.” 

Ghali says when he tells people what he does for a living, they often associate it with the dramatic storylines you see in movies — like the CIA assassinating someone by remotely disabling a car’s braking system. But attacks on cars are typically more mundane. “Basically, the only consistently observed automotive cybercrime that happens is auto theft,” Ghali says. “People are abusing the intelligent technology systems, like the keyless entry system, to steal the car, take it apart and make money from that. There’s no better way to profit from hacking a car.” That doesn’t mean those more high-stakes scenarios aren’t relevant. Ghali says the mere threat of using hacked cars for terrorism, espionage, war or ransom attacks is scary enough that you still have to plan for them. And these largely theoretical scenarios definitely inform the increasingly robust cybersecurity regulations that now exist for electronic vehicle components. “In terms of security of cyber-physical systems, I think automotive is early to the party. I think it’s basically going to become the template that other cybersecurity regulations are based on,” Ghali says. “I recently went to a technology expo in Dubai, and the whole floor was full of humanoid robots. And they’re using automotive networks. They’re basically cars. But these things are walking around your house. You don’t want something like that to have a lot of security vulnerabilities." He says that’s why you’re seeing new regulations like the Cyber Resilience Act, a 2024 EU law that establishes cybersecurity standards for all connected products, from phones to smart shower heads.

One of the more fascinating aspects of the automotive cybersecurity space is that innovation isn’t always driven by the automotive or cybersecurity companies. Rather, Ghali says it’s often the research community and "benevolent" hackers who are discovering new vulnerabilities and then looping in manufacturers. “There was a recent injection attack, where thieves would unplug one of the headlights to connect to the internal vehicle network, unlock the car and drive away. That was widespread in the United Kingdom and Europe and it was targeting vehicles from a specific manufacturer," he says. “A good friend of mine did the work on that crime spree. He went on the black market and bought one of these devices they were using to steal cars, reverse engineered it and alerted the manufacturer. Most car hackers are great people.” 

In fact, Ghali’s latest project is directly focused on supporting this community of benevolent hackers. He recently started a nonprofit that’s lowering some of the biggest barriers to entry for people interested in automotive cybersecurity. “If you want to learn how to hack a car, it can actually be quite difficult, because you’re not going to hack your only car at home — or at least I wouldn't recommend that,” he says. “So you might have to invest in a car to work on, or set up a garage where you can work with different vehicle components. And that’s a huge cost investment.” Ghali’s nonprofit has created a physical lab — stocked with a huge range of vehicle hardware and software — that researchers and students can access remotely from anywhere in the world. Right now, he has partnerships with a couple universities in Japan, and he’s hoping to take the experience to the United States this year. “Of course, it’d be great to see something like this happening with my alma mater,” he says. “The more people who have access, the more awesome research we’re going to see.”

###

Story by Lou Blouin