Sep
1
Tire Pressure Monitoring System (TPMS) lacks security, can be hacked
September 1, 2010 | Leave a Comment
Pac IT Pro Members: I’m sure you will find this interesting.
Security researchers found they could remotely gain access a vehicle’s computer using Tire Pressure Monitoring System (TPMS). (This is the system that monitors tire pressure in all the tires in your car. TPMS was optional on vehicles prior to 2008 and mandatory on vehicles from 2008 and newer.)
It turns out the TPMS data is sent to the vehicle’s computer unencrypted and the car’s computer will accept a connection from any device including ones reporting to be the TPMS pressure sensors. If the researches rapidly sent a large number for readings or sent crazy values they found they could crash vehicle’s computers requiring a reboot or in some cases hard crash the computer requiring replacement.
The researchers found they could pick-up TPMS transmissions from moving vehicles from 40 meters. Thus it would be possible to track the movement or location of a specific vehicle over a short range. It’s theoretically possible for a cyber-attacker to transmit a false low tire pressure value resulting in the driver pulling over thinking there’s a flat. Or send values crashing the car’s computer. Taking this to extremes, a cyber-attacker could drive around the parking lot at football/baseball game and disable thousands of car’s computers in a matter of minutes.
The summary for this paper can be found at
http://www.usenix.org/events /sec10/tech/techAbstracts.h tml#Rouf
and the full paper describing how they did it can be found at
http://www.usenix.org/events /sec10/tech/full_papers/Rou f.pdf
Picture is of speedometer/odometer hacked using the vehicle’s OBD or On-Board Diagnostic System port.
Doug
Comments
You must be logged in to post a comment.
Follow Us on LinkedIn
Join Us on Facebook
