By Jim Smith
Editor, Tire Review magazine
Geek media was all atwitter last week when it was revealed that the lowly TPMS sensors in a car could be used to track that vehicle. Or worse.
Seems that researchers from Rutgers University and University of South Carolina discovered that the wireless communication between tire and vehicle that tells a driver when their inflation pressure is too low can be traced or even forged. It is a security flaw in a vehicle computer system that no one considered.
And it could bring even wider concerns, such as how on-board systems could be hacked, allowing someone to literally take over control of a vehicle.
As for the TPMS issue, researchers found that each sensor’s unique 32-bit ID was unencrypted, so communications between the in-wheel sensor and the vehicle computer could be intercepted by an outsider from as far away as 130 feet.
“If the sensor IDs were captured at roadside tracking points and stored in databases, third parties could infer or prove that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs,” the researchers wrote.
Worse yet, intruders could overwhelm the vehicle’s computer with low pressure readings that would repeatedly set off the warning light, or send messages to the control unit that could confuse or break the unit.
“We have observed that it was possible to convince the TPMS control unit to display readings that were clearly impossible,” the researchers wrote, noting that they were able to confuse the control unit beyond repair.