Schneier on Security
A blog covering security and security technology.
« NSA on the Enigma |
| Overestimating Threats Against Children »
April 10, 2008
Tracking Vehicles through Tire Pressure Monitors
Just another example of our surveillance future:
Each wheel of the vehicle transmits a unique ID, easily readable using off-the-shelf receiver. Although the transmitter’s power is very low, the signal is still readable from a fair distance using a good directional antenna.
Remember the paper that discussed how Bluetooth radios in cell phones can be used to track their owners? The problem with TPMS is incomparably bigger, because the lifespan of a typical cell phone is around 2 years and you can turn the Bluetooth radio off in most of them. On the contrary, TPMS cannot be turned off. It comes with a built-in battery that lasts 7 to 10 years, and the battery-less TPMS sensors are ready to hit the market in 2010. It does not matter how long you own the vehicle transportation authorities keep up-to-date information about vehicle ownership.
Posted on April 10, 2008 at 6:29 AM
• 46 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I hear you can also track vehicles through the EZ-Pass devices. And I hear that every vehicle in the country can be tracked, fairly easily, through the use of things called 'license plates' which are readable at fairly long ranges.
Optical license plate readers are still rather uncommon in the US, no?
If you had read the article, you'd see that automakers are _required_ to install TPMS sensors in all new passenger cars and trucks starting in September 2007. (Which is why this is different from EZ-Pass and its ilk).
Also from the article, these sensors are designed to be read from a distance so it is quite a bit easier to check for them than to take a picture of a license plate and process it to extract the license plate number.
And it seems to me to be much, much easier to glue a second set of plates over your license plates than to disable the original TPMS installation in your car and/or switch it to a new one or a new ID.
Well, you could always walk, ride a bike, or use public transportation.
@wiredog, the problem isn't the id, the problem is that then everybody can track your car (=you). And because of that it will be used to collect data about you. And from this data people are going to try to draw conclusions about your shopping habbits, about the imcome of your friends (where do you park?), maybe you insurance want's to rise your costs because you went to mcdonalds too often? You will see all of this in one way or another. The denser the net becomes the more rules will there be for you to follow, because the data miners are trying to optimize their profit margin which translates to reglementing what your freedoms are.
Does the government really record the TPMS serial numbers and all? Every time you replace a tire, you have to fill in a form with the government?
wirecat and ronk, how does the Tire Pressure Monitor Transmitter change anything?
If you want to track a car (and its owner), collect data, etc, you can do so just as well right now by using a camera linked to a number-plate-OCR program. Even if these are not yet common in the US (they are in the UK), neither are the tire id receivers.
The problem is not the trackability of the cars. License plates are meant to make cars uniquely identifiable in case you run over a cyclist or your car is stolen.
The threat to privacy lies with the processing of this data - identifying cars en masse without a reasonable cause to track, building traces of journeys, storing your movement data forever, etc. The solution could be (in the framework of the UK data protection laws) to make your location part of your private data - and require that anyone logging this needs your opt-in agreement.
My initial thought is: Unmount the tires, disable the devices, remount the tires, and profit! In fact, there might end up being a business in that... Then again, it may be that in, say, 5 - 10 years any cars observed driving without functioning TPMS will be considered suspicious and targeted for "special" treatment. I wouldn't think it would be too hard to setup a "TPMS checkpoint" covertly in the context of existing "DUI checkpoints". (Hey-- that would be a *great* way to link TPMS data to a drivers license, too!)
Aside from the likely future legal implications of disabling the sensors, I can imagine that the onboard computer in some cars will start "warning" the driver madly that a tire is under-inflated. No doubt, somewhere a safety-conscious automotive engineer is thinking of ways to "protect" drivers in the event of flat tires (limiting vehicle top speed when accelerating from a stop, correcting for "pull" in steering when a front tire goes flat, etc). Ripping out or otherwise disabling the sensors is going to play hell with any of those schemes and probably make a vehicle a chore to drive.
A quick examination of the article and the linked Wikipedia article doesn't lead me to any information about the number of bits in the IDs. Anybody know how big of an ID we're talking about?
More likely, the yearly state vehicle inspection will include a check for functioning TPMS (if standard equipment on your vehicle). It's a less intrusive and less costly implementation.
@ecofriend what is this strange thing you speak of "Public Transportation"?
"the yearly state vehicle inspection will include a check for functioning TPMS"
Why? Like all other safety systems in a car these days, the car-computer does this every time it is used.
As with any new technology the sensors used to be expensive at approx $200 from a dealer. Then after-market suppliers started making these sensors for $50-$90. Soon these sensors will be disposable, and some auto makers are already integrating them into a generic rubber valve stem. It's my guess that these parts will be as throw away as a normal valve stem in short time.
If that's the case someone may be able to track me for 50-70k miles while I am on the same set of tires. Less if I replace my tires sooner, get a flat and replace a stem or a number of other things.
(I worked at at tire shop in college, we replaced a lot of these)
"In fact, there might end up being a business in that..."
When emissions test came to me, I dutifully took the vehicle in to the dealer.
Fancy dealer or corner garage, the price is the same. My thinking was the dealer had better equipment, more experience, etc.
Naive! The dealer refused to conduct the test because of some "fault" somewhere. A "fault" that would cost about a kilobuck to repair.
Standing there at the dealer service desk, with the practiced look of complete innocence of the lady before me, I quickly concluded the entire business is just a revenue generation scheme by the car industry. That it may help the environment is one of those side-effects: potentially useful, but not really necessary.
With that in hand, I found the seediest, most decrepit looking garage that advertised the test. They did it without question, and the government got it's signature. I still had to pay for it though.
Years later, there is still no problem with the vehicle.
So if it ever came to it, I would happily go into the business of selling defective TPMS devices. Of course, the buyer would be completely aware of the defect too: they would always "I'm ok", and would say so to a small set of "unique" ID's...
If the TPMS sensor is attached to the tire inflation valve, that would seem to create an aftermarket for tire valve caps incorporating small Faraday cages. Or, perhaps, a little parabolic aluminum reflector umbrella on top of the cap, so the signal is directed into the engine compartment, and away from the road.
Little Faraday cages are probably cheaper and more reliable than parabolic dishes.
I would sell after-market TPMS that auto-generated a new ID at least every trip. If there were a way to determine that the TPMS ID had been read, a new ID should be generated soon afterward.
I live in Florida, so the notion of OCR-ing our license plates just makes me laugh.
Last time I checked, we had something like 120 different plate styles, many of which are visually 'busy' or have horrible color contrast, or both. To say nothing of the use of characters that look all but identical at any distance, like O, D and Q.
Has nobody yet thought of cloning someone else's tire signatures and committing mischief? Are people on this blog getting less devious?
Cloning TPMS identifiers is illegal, as is mis-stating an identifier in your mandatory declaration to the government. It is also a violation if you fail to disclose any changes to the identifiers. The use TPMS transmitters from an unapproved source is strictly forbidden.
All of this, and more, is spelled out clearly on the "5497-2 TPMS Identifier Registration Form" that came with all 2008 model cars.
Here are a couple of useful articles on this topic. Both come with a Canadian perspective, meaning we sometimes get technologies whether we wanted them or not because it's easier to build one design for a single large market.
One interesting point is that radio transmitters are NOT the only TPMS technology availalbe. Another option is to watch rotational speed variations between the tires using the anti-lock braking system. That system wouldn't leak your location via tiny radio transmitters.
Another option I see could be making the sensors into transponders instead of transmitters. They could be keyed to the car in a way that only the car can read them, or perhaps the car could actually trigger them to transmit.
@Jared Lessl RE optical recognition being fooled by "busy" designs - Plate OCR systems use infrared. Look at those plates through an infrared-only camera and I bet those patterns totally disappear. Also they use high-intensity infrared beacons to illuminate the plate, and the numbers and letters have highly back-reflective coatings on them.
I'm sure the patterns don't bother the readers at all.
On-topic: if the tire pressure monitors do bother you, go to the tire shop and have them removed. Should only take about 30 minutes. The law requires that they be installed on new cars but AFAIK doesn't prevent you from removing them. In many areas it's common to get snow tires on separate rims for the winter, which wouldn't have monitors on them.
In much of the country, wheels and/or tires get swapped on a seasonal basis. It should be simple to integrate other swaps with that process.
Using this technology to issue traffic citations would not be as effective for safety than just sending the signal to the car not to be able to accelerate over the posted speed limit, maybe with temporary override for emergencies for a very limited amount of time.
I don't know why (U.S.) we allow cars to be sold that can do 3x the highest speed limit and let manufacturers boast about in their ads. Think of all the lives wasted.
How do I surveille thee? Let me count the ways...™
When I replaced the tires on my car last month, I noticed they installed new valve stems, that are completely metal. Sensors maybe.
Nobody asked about the locations of the readers, and when the govmint can't update its IRS computers, how can they possibly keep up with the petabytes of data for tire sensors?
I'm not too worried about wholesale tracking, or end to end tracking of a particular car by a government agency.
However, if one wanted to be notified when a particular car shows up at a particular location, then this is the tool of choice for the:
- Stalker: "Excellent, M.J. Doe's car just parked at the apartment building"
- Police investigations: "Excellent, the same tires showed up during all 7 arson fires."
- Stings: "Excellent, 100 tires stopped longer than 2 minutes near a known prostitution/drug corner."
The abuse potential is left as an excercise for the reader.
Check out this pic.
Where is the antenna? Most likely in the little block of bits that rides inside the tire. The tire's belts already provide some interference but obviously not enough to stop the thing from working. You would likely have to remove it or wrap the inner works in foil and duct tape.
If you remove them, mount them in a piece of PVC and pressurize to 34 psi. Keep it in the trunk.
I haven't decided what to do about mine just yet. I like the feature but hate the security laps.
There would be a great business opportunity in inexpensive, radar-detector-proof, speed traps using this technique. Install two antennas under the road, a measured distance apart, and take a picture if the time from the first antenna to the second it too short. With California municipalites being clobbered by state budget cuts, it could be an effective way to raise revenue.
The comment about OCRing license plates using IR illumination make me wonder whether there might be a market in IR opaque protective 'clear coat' for use on such plates. I don't know of any law that requires that they be readable in anything outside the visible spectrum...
Do they really all have unique ID's?
On my 2005 G35 which has tire pressure monitors, they don't behave like they have ID's. When I have my winter tires on, which have no sensors. The light that tells me my tires are low only come on if I am out in the middle of nowhere. Around the city there seem to be enough infiniti's around that I rarely get low pressure warnings.
Maybe there are unique ids, but they aren't tied between the car and the wheels in my case.
If the IDs are readable by everyone, they should be spoofable too. How expensive would a multi-ID transmitter be?
Then, how about someone like the National Motorists Association http://www.motorists.org/ organizing share-your-TPMS-ID parties?
BTW tires are also fitted with RFID, so the problem (and the possible solution) applies to older vehicles too.
"You honor, it's true that the data points at my tires being present at the scene, but they also point to them being present in 14 different states, and Canada, at the same time."
get over it.
"Police in the Lower Mainland of British Columbia completed a trial of license plate recognition technology and are planning a widespread rollout of the technology in Vancouver. It consists of a camera mounted atop a police car that looks up license plates, checks them against a database and alerts the cop at the wheel if the car is "suspicious". The technology can look up about 3000 plates an hour and they apparently find that they are overwhelmed with the number that turn up as being suspicious - about one in fifty."
"there might be a market in IR opaque protective 'clear coat' for use on such plates"
Something kinda like this:
Numberplate recognition is a pretty well established technology in London. The congestion charges are done by simply driving across an imaginary line, a camera reads your licence and if you don’t pay your bill within 12 hours, you get charged extra, and if you have not paid within 24 hours you get a fine posted to your home.
Pretty much sounds like tracking to me…???
I agree that we need to keep tabs on what info is being sent out around us and about us, but technology is not going to stand still for us… if we are not transmitting then there are many other ways to track us. Facial recognition being one of many…
Perhaps a world tailored to suit us each individually is not such a bad place…
As long as you get the security RIGHT it canal be ok…
Does this now mean that to commit the perfect crime you need to change your wheels before you go…
PSSSTttttt… don’t forget the spare wheel either…
Oh, I know lets make it illegal to change a wheel on your car…
Better yet, don't let the steering wheel turn more than a couple of degrees unless the turn signal has been activated. You'd save more lives.
Fast cars don't kill people, stupid people kill people.
Cranky Old Man: It is not enough to keep them pressurized. Some sensors sense wheel rotation (via acceleration sensors) and that triggers them to send data. If the car knows that the wheels are rotating (for example from the ABS sensor), but doesn't get a reading from the pressure sensor it will signal a fault!
TPMS are important in two cases: people doesn't check pressure regularly, and lawmakers decide that instead of education people make TPMS compulsory OR when using run-flat tires, because driver will not notice low pressure or puncture in time. In most of Europe these tires may only be fitted with pressure monitors.
I guess that creating a nation-wide TPMS surveillance network for TPMS is unfeasible. It is indeed much easier to use licence-plate OCR. Here a lot of highway toll systems and even parking places use licence-plate recognition, which is very convenient for the driver. But of course bad for paranoia. But then should throw away my cell-phone and credit card also, and travel by bike on on foot.
@driver, if by stupid you mean drivers who think they are better drivers than they actually are, then I would agree with you. Unfortunately, from experience, that amounts to the majority of drivers.
I guess this fits in well with the data recorder fitted snugly under the driver's seat of most cars built since around 1998!
@driver: how about brakes that automotically slam full on when the horn is blown (since the horn is only supposed to be used in emergencies)? How about air bags that automatically deploy when you show a right turn signal but make a left turn since you are obviously making an avoidance maneuver and a crash is imminent?
@old guy: acceleration requires excess power over and above that required to maintain speed. If cars were not physically able to exceed the speed limit, then the time required to REACH the speed limit would be ridiculous. A car with a physical top speed of 65 would probably take over 15 minutes to actually reach 65. And it would still be able to exceed lower speed limits.
Plus if you make cars that cant break the speed limits then you need to make speed limits that are high enough to be reasonable as a limit.
Look at all the lives wasted during the nationwide 55mph limit; both directly through the inattentiveness encouraged by a speed limit which allows you to read a book while driving; and indirectly through 100,000,000 people having to spend 17 minutes more per day driving to the same location(s).
Speed != Danger. Stupid == Danger!
If you actually want SAFETY (not safety theater like speed limits), then make knowing HOW to drive an actual requirement to be able to drive in the US (a la Germany). Make a driver's license test that is required every 5 years regardless of age, and make it challenging, like a Bondurant course. And execute people when they have > 20 DUI convictions, instead of electing them to the senate.
Wasn't this an April Fools story?
"Wasn't this an April Fools story?"
I don't believe so.
>I live in Florida, so the notion of OCR-
>ing our license plates just makes me
Just hook 'em up to a website where someone types in the license plates in exchange for viewing free porn. If you have too high of a false rate, you get dropped from the program ;)
Last fall a UMass professor was studying congesting along Route 9, by tracking EZ-PASSes. Even though they were 25 miles from the nearest toll plaza...enough cars had them to yield useful data.
>@Beta Cloning TPMS identifiers is
>illegal, as is mis-stating an
>identifier in your mandatory
>declaration to the government. It
>is also a violation if you fail to
>disclose any changes to the
>identifiers. The use TPMS
>transmitters from an unapproved
>source is strictly forbidden. All
>of this, and more, is spelled out
>clearly on the "5497-2 TPMS
>Identifier Registration Form" that
>came with all 2008 model cars.
This sounds suspiciously close to "big brother". While I can certainly understand wanting to ensure that people don't screw with sensors to disable them, making them snoopable and traceable just makes people want to disable them... Duh. Just put in the right (encrypted) technology in the first place. They did this with cordless phones and Bluetooth pairing a long time ago. It's not exactly rocket science.
Let's get this straight - they want to make your car identifiable and traceable to *anyone* close enough to you with simple, easy to obtain equipment. This is not good. Data obtained and stored anywhere is subject to malicious use. It's often just a matter of time.
As posted elsewhere, consider the terrorist or criminal possibilities. Next thing I'll be asked to do is to register my garage door transmitter with the authorities. Anybody see a problem with that? If so, then they should also see a problem with this.
"Well, you could always walk, ride a bike, or use public transportation."
That's true. Privacy is NEVER violated in the public transport system. (You can, however get a ticket in NY for putting your package on the seat next to you--'public' transport is becoming a profound awful experience)
I don't have ez pass. my car has no tattle tale computer, no tire pressure RFID. I don't see changing that anytime in the forseeable future.
Already some weirdnesses have surfaced. I was at an online tech session with a Jeep engineer and customers, and several of the customers were complaining that after switching to off-road tires (which runn lower pressures) their warning was constantly on, and they wanted the dealer to recalibrate. The engineer said that, alas, there was no practical, or probably legal, way to do that.
@old guy - What street-legal car does 225MPH? I know of many places with a 75MPH speed limit.
To the point, the speed limits of today say nothing about the speed limits of tomorrow.
@otheroptions - Keep in mind that pressure will vary throughout a drive. As a vehicle moves from initial rest and is driven, the tire's temperature will rise which impacts the tire pressure. Also, outside/ambient temp will influence pressure. I'm not saying it can't be done just the problem is difficult. It would be far easier to read the max speed from the OBD II system.
FTM for tracking purposes, forget the TPMS. Instead add RFID, BlueTooth, or some other transmitter to the OBD computer and changing tires. Or have the On* system log activities, coordinate it with GPS data for location, and upload it periodically.
Automobiles manufactured in the US have had "Event Data Recorders" built in them for some years.
The EDR records information on speed, engine revolutions per minute, braking, seat belt usage, whether the driver turns left or right, and other information.
The Wikipedia article on these gives some information on how they can be disabled.
Schneier.com is a personal website. Opinions expressed are not necessarily those of BT.