Vehicle Tracking through Tire Pressure Systems
Tire Pressure Monitoring Systems (TPMS) in vehicles from manufacturers like Toyota, Renault, Hyundai, and Mercedes-Benz are broadcasting unencrypted tire data. This has enabled researchers to track vehicles and drivers at a low cost, exposing significant privacy concerns.
Research Findings on TPMS Vulnerabilities
A team from IMDEA Networks, along with partners, conducted a 10-week study capturing over 6 million signals from 20,000 vehicles using $100 receivers. This study highlights the severe privacy risks associated with these systems.
Direct TPMS (dTPMS) sensors, which are embedded in tires, transmit data such as pressure, temperature, and a unique ID without encryption. These signals can be intercepted from up to 55 meters away, raising concerns about vehicle privacy.
Manufacturer Practices and Security Gaps
Manufacturers like Toyota, Renault, Hyundai, and Mercedes-Benz often utilize battery-powered dTPMS with proprietary protocols. These systems broadcast data in cleartext, making them vulnerable to interception.
The lack of encryption in these systems contrasts with indirect TPMS (iTPMS) used by companies like Volkswagen, which offer better security by not transmitting identifiable data.
Implications and Recommendations
The study revealed that attackers could track vehicles, infer routines, and even identify types of vehicles based on tire pressure data. This poses potential risks, including burglary and unauthorized surveillance.
It is recommended that manufacturers consider encrypting TPMS data and rotating identifiers to enhance security. Policymakers are urged to update regulations to include TPMS under cybersecurity mandates.
This issue highlights the transformation of safety features into potential surveillance tools in modern vehicles, underscoring the need for prompt improvements in security protocols.
Stay informed with the latest in cybersecurity by following us on Google News, LinkedIn, and X.
