Wireless Car Sensors Vulnerable to Hackers

Researchers figure out how to hijack sensor communications.

Hackers could “hijack” the wireless pressure sensors built into many cars’ tires, researchers have found. Criminals might then track a vehicle or force its electronic control system to malfunction, the University of South Carolina and Rutgers University researchers say.

Wireless kit: The equipment used to hijack a car’s tire sensors included a laptop, a programmable radio transceiver, and a custom circuit board, which, taken together, cost around $1,500.

The team, which successfully hijacked two popular tire-pressure-monitoring systems (TPMS), will describe the work at the USENIX Security conference in Washington, DC, this week.

This story is part of our November/December 2009 Issue

The tire-sensor attack poses little immediate risk to drivers. However, in recent months, research groups have identified other security weaknesses in vehicle electronics systems. As automakers add more powerful computers to cars, and connect those computers to critical components, in-car systems will need to be secured against hackers, experts warn.

A TPMS consists of sensors inside a car’s tires that measure pressure, and a central wireless antenna–or, in more expensive vehicles, an antenna in each wheel. An electronic control unit (ECU) picks up the signal, and a light on the automobile’s dashboard warns the driver when tire pressure has dropped. As well as calculating pressure changes, the ECU filters out noise from sensors in neighboring cars and compensates for pressure changes due to temperature. The TREAD Act, which Congress passed in 2008, mandates this technology in all new vehicles produced or sold in the United States after that year.

Using equipment costing $1,500, including a programmable radio transmitter, a specialized circuit board, and free software, the South Carolina-Rutgers team could pick up a car’s tire pressure readings. The researchers deciphered the communication protocol by experimenting with different parameters of the radio transmission.

The systems tested by the South Carolina-Rutgers team had very little security in place–they mainly relied on the fact that the communications protocol is not widely published. “In doing TPMS this way, [automakers] have left the door open to wireless attackers,” says Travis Taylor, one of the paper’s authors.

The team could eavesdrop on communications and, in some circumstances, alter messages in transit. That let the team give false readings to a car’s dashboard. They could also track a vehicle’s movements using the unique IDs of the pressure sensors, and even cause a car’s ECU to fail completely.

“Normally, these [attacks would] result in small problems,” Taylor says. “But I see practical danger and damage that can happen from TPMS exploitation.”

Earlier this year, researchers from the University of Washington and the University of California, San Diego showed that they could take over the control systems of a popular model of automobile, causing the brakes to lock or the engine to cut out.

“The security and privacy problems that the authors identify in TPMS systems are likely just one among many that will challenge the automotive industry in the years to come,” says Stefan Savage, a UC San Diego professor of computer science and engineering and an author of the earlier report.

ECUs entered production vehicles in the 1970s, following the California Clean Air Act and a surge in gas prices. At first, the systems were just used to adjust the fuel-oxygen mix using data from the vehicle’s exhaust. But the use of ECUs has expanded since then, and today they are used in every aspect of monitoring and controlling automobiles. ECUs are responsible for a feature known as roll stability control–they can apply the brakes, reduce the throttle, and modulate the steering to keep a car from rolling over.

The South Carolina-Rutgers team stresses that it would be difficult to attack a car through the wireless tire system. One hurdle is that the tire sensors communicate infrequently–about once every 60 to 90 seconds–making it difficult to manipulate the system, especially if a vehicle is moving. They were able to overcome these hurdles, however, by shadowing a target vehicle, and using directional antennas.
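A receiver-side plausibility check built on two facts from the article, the unique sensor IDs and the 60-to-90-second reporting interval, can flag forged or out-of-schedule frames. This is an added example, not code from the researchers or any automaker; the frame fields, thresholds, and sensor IDs are assumptions, and the check does not authenticate the sender.

```python
from dataclasses import dataclass, field

# Assumed values, not taken from the article or from any real TPMS:
MIN_INTERVAL_S = 30.0   # sensors report about every 60-90 s, so faster is suspect
MAX_JUMP_KPA = 40.0     # largest change trusted without a confirming report

@dataclass
class TpmsReceiver:
    paired_ids: set
    state: dict = field(default_factory=dict)  # id -> [last_time, last_kpa, pending_kpa]

    def check(self, t, sensor_id, kpa):
        """Classify one received frame as accept, flag or drop."""
        if sensor_id not in self.paired_ids:
            return "drop:unpaired-id"            # e.g. a neighboring car's sensor
        st = self.state.get(sensor_id)
        if st is None:
            self.state[sensor_id] = [t, kpa, None]
            return "accept"
        last_t, last_kpa, pending = st
        if t - last_t < MIN_INTERVAL_S:
            return "flag:too-frequent"           # extra frame between scheduled reports
        st[0] = t
        if abs(kpa - last_kpa) > MAX_JUMP_KPA:
            # A real fast leak also jumps, so wait for the next scheduled
            # report to agree before the dashboard value changes.
            if pending is not None and abs(kpa - pending) <= MAX_JUMP_KPA:
                st[1], st[2] = kpa, None
                return "accept:confirmed-change"
            st[2] = kpa
            return "flag:unconfirmed-jump"
        st[1], st[2] = kpa, None
        return "accept"

# Constructed sample frames: (seconds, sensor id, pressure in kPa)
FRAMES = [
    (0,   0x1A2B3C01, 220), (60,  0x1A2B3C01, 221),
    (65,  0x1A2B3C01, 120),   # injected low reading, 5 s after a real report
    (70,  0x0BADF00D, 210),   # ID not paired with this car
    (125, 0x1A2B3C01, 222),
    (190, 0x1A2B3C01, 150),   # large drop, first report
    (255, 0x1A2B3C01, 148),   # next scheduled report agrees
]

def run_demo():
    rx = TpmsReceiver(paired_ids={0x1A2B3C01})
    return [rx.check(*f) for f in FRAMES]

if __name__ == "__main__":
    for frame, verdict in zip(FRAMES, run_demo()):
        print(frame, verdict)
```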

Even so, UCSD’s Savage stresses that car-hacking is a theoretical threat for the moment. “One shouldn’t overreact to this kind of news,” says Savage. “It’s not the case, for example, that the authors have identified a means by which the TPMS channel can remotely compromise safety-critical systems, nor is there any evidence that this channel is being targeted, or even that there is a clear threat of it being a likely target in the near-term.”

Savage says his group has entered discussions with the “appropriate stakeholders” regarding the exploits they discovered. The South Carolina-Rutgers team has had no luck so far in contacting carmakers.

The Alliance of Automobile Manufacturers will take the appropriate steps to secure its vehicles, says spokesman Wade Newton. “While this concern isn’t unique to autos, we continue looking at this issue–before it becomes a problem,” he says.
