New wireless technologies in cars may compromise a driver’s privacy and pose a security threat, warns a WINLAB research team together with University of South Carolina collaborators. Modern automobiles are increasingly equipped with wireless sensors and devices, such as systems that monitor air pressure inside tires and trigger dashboard warnings if a tire’spressure drops. The researchers have shown that these wireless signals can be intercepted 120 feet away from the car using a simple receiver despite the shielding provided by the metal car body.
Since signals in tire pressure monitoring systems (TPMS) include unique codes from each wheel sensor, this raises concerns that drivers’ locations could be tracked more easily than through other means, such as capturing images of license plates.
TPMS wireless transmissions also lack security protections common in basic computer networking, such as input validation, data encryption or authentication. The researchers demonstrated how a transmitter that mimics, or “spoofs,” the sensor signal can easily send false readings and trigger a car’s dashboard warning display. This could prompt a driver into stopping his or her car when there is actually nothing wrong with the tires.
The WINLAB team included Rob Miller, Sangho Oh as well as Profs. Marco Gruteser and Wade Trappe. Their collaborators at the University of South Carolina were led by Prof. Wenyuan Xu, an ECE and WINLAB alumna. The results of their work were presented at the USENIX Security Symposium, one of the premiere academic computer security conferences and subsequently received a wide press echo in more than 50 media outlets, including a segment on CNN national TV, web stories in the MIT Technology Review, ABC news, Businessweek, and a mention on Slashdot.