Skip to Content

Wireless Car Sensors Vulnerable to Hackers

Researchers figure out how to hijack sensor communications.
August 10, 2010

Hackers could “hijack” the wireless pressure sensors built into many cars’ tires, researchers have found. Criminals might then track a vehicle or force its electronic control system to malfunction, the University of South Carolina and Rutgers University researchers say.

Wireless kit: The equipment used to hijack a car’s tire sensors included a laptop, a programmable radio transceiver, and a custom circuit board, which, taken together, cost around $1,500.

The team, which successfully hijacked two popular tire-pressure-monitoring systems (TPMS), will describe the work at the USENIX Security conference in Washington, DC, this week.

The tire-sensor attack poses little immediate risk to drivers. However, in recent months, research groups have identified other security weaknesses in vehicle electronics systems. As automakers add more powerful computers to cars, and connect those computers to critical components, in-car systems will need to be secured against hackers, experts warn.

A TPMS consists of sensors inside a car’s tires that measure pressure, and a central wireless antenna–or an antenna in each wheel in more expensive vehicles. An electric control unit (ECU) picks up the signal, and a warning light on the automobile’s dashboard warns a driver when tire pressure has dropped. As well as calculating pressure changes, the ECU filters out noise from sensors in neighboring cars, and compensates for pressure changes due to temperature. The TREAD Act, which Congress passed in 2008, mandates that all new vehicles produced or sold in the United States after that year are required to have this technology.

Using equipment costing $1,500, including a programmable radio transmitter, a specialized circuit board, and free software, the South Carolina-Rutgers team could pick up a car’s tire pressure readings. The researchers deciphered the communication protocol by experimenting with different parameters of the radio transmission.

The systems tested by the South Carolina-Rutgers team had very little security in place–they mainly relied on the fact that the communications protocol is not widely published. “In doing TPMS this way, [automakers] have left the door open to wireless attackers,” says Travis Taylor, one of the paper’s authors.

The team could eavesdrop on communications and, in some circumstances, alter messages in-transit. That let the team give false readings to a car’s dashboard. They could also track a vehicle’s movements using the unique IDs of the pressure sensors, and even cause a car’s ECU to fail completely.

“Normally, these [attacks would] result in small problems,” Taylor says. “But I see practical danger and damage that can happen from TPMS exploitation.”

Earlier this year, researchers from the University of Washington and the University of California, San Diego showed that they could take over the control systems of a popular model of automobile, causing the brakes to lock or the engine to cut out.

“The security and privacy problems that the authors identify in TPMS systems are likely just one among many that will challenge the automotive industry in the years to come,” says Stefan Savage, a UC San Diego professor of computer science and engineering and an author of the earlier report.

ECUs entered production vehicles in the 1970s, following the California Clean Air Act and a surge in gas prices. At first, the systems were just used to adjust the fuel-oxygen mix using data from the vehicle’s exhaust. But the use of ECUs has expanded since then, and today they are used in every aspect of monitoring and controlling automobiles. ECUs are responsible for a feature known as roll stability control–they can apply the brakes, reduce the throttle, and modulate the steering to keep a car from rolling over.

The South Carolina-Rutgers team stresses that it would be difficult to attack a car through the wireless tire system. One hurdle is that the tire sensors communicate infrequently–about once every 60 to 90 seconds–making it difficult to manipulate the system, especially if a vehicle is moving. They were able to overcome these hurdles, however, by shadowing a target vehicle, and using directional antennas.

Even so, UCSD’s Savage stresses that car-hacking is a theoretical threat for the moment. “One shouldn’t overreact to this kind of news,” says Savage. “It’s not the case, for example, that the authors have identified a means by which the TPMS channel can remotely compromise safety-critical systems, nor is there any evidence that this channel is being targeted, or even that there is a clear threat of it being a likely target in the near-term.”

Savage says his group has entered discussions with the “appropriate stakeholders” regarding the exploits they discovered. The South Carolina-Rutgers team has had no luck so far in contacting carmakers.

The Alliance of Automobile Manufacturers will take the appropriate steps to secure its vehicles, says spokesman Wade Newton. “While this concern isn’t unique to autos, we continue looking at this issue–before it becomes a problem,” he says.

Deep Dive


Embracing CX in the metaverse

More than just meeting customers where they are, the metaverse offers opportunities to transform customer experience.

Identity protection is key to metaverse innovation

As immersive experiences in the metaverse become more sophisticated, so does the threat landscape.

The modern enterprise imaging and data value chain

For both patients and providers, intelligent, interoperable, and open workflow solutions will make all the difference.

Scientists have created synthetic mouse embryos with developed brains

The stem-cell-derived embryos could shed new light on the earliest stages of human pregnancy.

Stay connected

Illustration by Rose Wong

Get the latest updates from
MIT Technology Review

Discover special offers, top stories, upcoming events, and more.

Thank you for submitting your email!

Explore more newsletters

It looks like something went wrong.

We’re having trouble saving your preferences. Try refreshing this page and updating them one more time. If you continue to get this message, reach out to us at with a list of newsletters you’d like to receive.