WASHINGTON (Sept. 3, 2010) — Tire pressure monitoring systems (TPMS) are vulnerable to hackers and eavesdroppers, making them a potential security and privacy risk to motorists, according to researchers from Rutgers University and the University of South Carolina.
The researchers presented their findings at the 19th Annual Usenix Security Symposium, held Aug. 11-13 in Washington.
“Eavesdropping is easily possible at a distance of roughly 40 meters from a passing vehicle,” the researchers said in their paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study.”
TPMS are the first in-car wireless networks to be required in all new U.S. cars, and the European Union also will soon mandate their use, the paper stated. Evaluation of two representative TPMS revealed a number of safety and privacy concerns, it said.
Reverse engineering of TPMS protocols demonstrate that TPMS messages can be triggered remotely, which raises privacy concerns because vehicles can be tracked through these identifiers, the researchers said.
“If the sensor IDs were captured at roadside tracking points and stored in databases, third parties could infer or prove that the driver has visited potentially sensitive locations such as medical clinics, political meetings, or nightclubs,” the paper said.
Existing security mechanisms, however, can alleviate safety and privacy problems with TPMS without overly complicating the installation of new tires, the researchers said. Standard reliable software design and cryptographic practices, they said, would be very helpful.