Hacking Cars Through Wireless Tire-Pressure Sensors
Still minor, but this kind of thing is only going to get worse:
The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they’re wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.
The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.
More:
Now, Ishtiaq Rouf at the USC and other researchers have found a vulnerability in the data transfer mechanisms between CANbus controllers and wireless tyre pressure monitoring sensors which allows misleading data to be injected into a vehicle’s system and allows remote recording of the movement profiles of a specific vehicle. The sensors, which are compulsory for new cars in the US (and probably soon in the EU), each communicate individually with the vehicle’s on-board electronics. Although a loss of pressure can also be detected via differences in the rotational speed of fully inflated and partially inflated tyres on the same axle, such indirect methods are now prohibited in the US.
Paper here. This is a previous paper on automobile computer security.
EDITED TO ADD (8/25): This is a better article.
JyB • August 17, 2010 7:26 AM
Hmm.
I wonder what initiatives like AutoSAR will bring in terms of security to the whole automotive industry. Maybe assurance levels like they use in avionics would be useful ? Maybe it already exists but does not evaluate risks induced by onboard electronics.
As for the EU, It seems mandatory TPMS are scheduled for 2012.