Wireless networks are being integrated into the modern automobile. The security and privacy implications of such in-car networks, however, are not well understood as their transmissions propagate beyond the confines of a car’s body. To understand the risks associated with these wireless systems, this project presents a privacy and security evaluation of wireless Tire Pressure Monitoring Systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system.
Tire Pressure Monitoring Systems (TPMS) monitors air pressure inside tires and trigger dashboard warnings wirelessly if a tire's pressure drops. Through our reverse-engineering effort, we have shown that TPMS wireless transmissions lack security protection common in basic computer networking, such as input validation, data encryption, or authentication. TPMS wireless signals can be intercepted 40 meters away using a simple receiver, which makes it feasible to track drivers' locations. We also demonstrated that a transmitter that "spoofs" the sensor signal can easily send false readings and trigger a car's dashboard warning display. We are working on hardware and software solutions to secure TPMS and other in-car sensor networks.
Ishtiaq Roufa, Rob Miller, et al. "Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study." 19th USENIX Security Symposium, Washington DC. 2010.