Hackers can now track your car's location through tire pressure sensors

Daniel Sims

Posts: 2,476   +75
Staff
In brief: Recent security incidents have proven that internet-connected cars can be tracked and even hijacked by hacking their advanced infotainment systems, wireless keys, and the cloud servers of their manufacturers. However, researchers have also discovered serious vulnerabilities in an overlooked area: the systems that electronically monitor tire pressure can leak location data.

The device in many automobiles that warns drivers when their tire pressure is low transmits the data in unencrypted cleartext and carries a unique identifier for each vehicle. Researchers from IMEDA Networks and several European universities recently discovered that relatively inexpensive wireless devices can track Tire Pressure Monitoring System (TPMS) signals to spy on drivers covertly over extended periods.

Major automakers, including Toyota, Renault, Hyundai, and Mercedes, favor Direct TPMS (dTPMS) devices – battery-powered pressure sensors embedded within wheel rims or tire liners. In contrast with Indirect TPMS, which simply calculates wheel pressure via speed sensors, dTPMS directly transmits tire pressure and temperature information to a vehicle's electronic control unit (ECU) in packets of around 100 bits.

The researchers found that portable devices costing as little as $100 can detect the packets from over 50 meters away. Determined hackers could assemble them using off-the-shelf antennas and Raspberry Pi components, then covertly place them along roads to harvest signals from passing vehicles.

Hiding the receivers along known routes might enable someone to analyze traffic and learn daily routines without resorting to cameras, creating significant privacy risks. Although unique TPMS identifiers are difficult to discern in traffic, isolating the ID at a person's residence would enable potential attackers to track specific vehicles over days or weeks.

The implications are manifold. For example, thieves could learn the routes and schedules of delivery and cargo trucks to find the best opportunity to hijack them. They could also estimate cargo weight by comparing tire-pressure readings against baseline values for specific vehicle models. It might even be possible to spoof flat-tire warnings to the ECU, forcing a vehicle to stop for hijackers lying in wait. Since drivers cannot control TPMS signals, companies could also monitor employees' vehicles without their consent, and authorities could use the signals to conduct mass surveillance.

Automakers and governments have tightened cybersecurity measures following prior incidents where software developers inadvertently exposed the location data of vehicles driven by politicians, intelligence agents, military personnel, and ordinary drivers. However, officials do not seem to be aware of TPMS vulnerabilities.

The researchers strongly recommend that car manufacturers enact encryption protocols. Unfortunately, there is no open TPMS standard, so the implementation of new security systems might be spotty if automakers respond to the issue.

Permalink to story:

 
Security services can use recycled/low battery TPMS sensors to work around this. They'll be cheap (just go to a tire shop and ask to buy used sensors) and the signal will be weaker. Used TPMS sensors are just as good as following a car with your eyes, so there's almost no advantage in tracking them (unless you later want to uniquely identify the car from lookalikes). Even better, you'll need to replace them frequently, so the identifiers will change.
 
:rolleyes: IMO, this is totally ridiculous. Hackers are going to place monitoring devices along every highway? Right! Got it! 🤣 Hackers have no f'ing way of predicting where a vehicle will go. Yes, true, many people always follow the same route when traveling to work or to the store, but still, there is a non-zero probability that someone will travel an unexpected route just when the hacker wants to track a vehicle. Over 50-meters?Just how far over 50-meters will this go. That sensors with antennas need to be place along highways tells me that the answer to how far it will go is- Not Much!

I'll chalk this up to yet another hack that requires improbable access like the "security concerns" for PCs that require direct access to the PC.

Must be a slow day at TechSpot.
 
I understand the point of the article is to sow fear, but the moment you apply a little logic it falls apart. Consider the following: If you can only be monitored from 50 feet away, the attacker would need to know your route in order to discover your route. The attack isn't feasable without pre-posession of the only information it can provide...
 
You'd be surprised how much monitoring occurs. In apartment buildings/condos your neighbors can monitor your room conversation given off by ultrasound from electronic devices like power supplies. These are within 50 feet. I have yet to see one of these receivers, but they exist.
 
A $100 device assembled from a Raspberry Pi and a radio antenna can track your car's location using your tire pressure sensor, and there's no encryption standard, no regulatory awareness, and no easy fix. This is the kind of security vulnerability that gets quietly exploited for years before anyone official notices, because the people who would need to care about it don't know it exists yet.
 
No expert in this sort of thing, but what occurred to me immediately is the wifi network signal propagation used by airtags so you can find your luggage anywhere in the world where there is a wifi router that will send the info on.

50m isn't much, but if the next-level hack is done and the signal becomes available anywhere, the exposure is suddenly much higher.
 
Let's see...the reason the batteries last longer than 10 minutes is that they are low power and go to sleep when parked. To wake them up, you have to have drive for a while over 20 mph, or use a TPMS tool to sent a signal to the sensor to transmit it's information, which is the tire pressure, tire temperature, battery status and the unique hex ID code so the car can figure out it's the correct sensor to be reading. Yeah, I just get a raspberry Pi and some RF parts and program them to recognize the one sensor I've got data for. Not to mention (Credit to the previous posters) planting them all over creation to track it, you wind up with one of the most expensive and least practical tracking systems ever devised.
 
You'd be surprised how much monitoring occurs. In apartment buildings/condos your neighbors can monitor your room conversation given off by ultrasound from electronic devices like power supplies. These are within 50 feet. I have yet to see one of these receivers, but they exist.
Just because they can doesn't mean they do.
 
:rolleyes: IMO, this is totally ridiculous. Hackers are going to place monitoring devices along every highway? Right! Got it! 🤣 Hackers have no f'ing way of predicting where a vehicle will go. Yes, true, many people always follow the same route when traveling to work or to the store, but still, there is a non-zero probability that someone will travel an unexpected route just when the hacker wants to track a vehicle. Over 50-meters?Just how far over 50-meters will this go. That sensors with antennas need to be place along highways tells me that the answer to how far it will go is- Not Much!

I'll chalk this up to yet another hack that requires improbable access like the "security concerns" for PCs that require direct access to the PC.

Must be a slow day at TechSpot.

Yes, but also no one thought there could be cameras everywhere like there are now.
 
Back