Schneier on Security
A blog covering security and security technology.
« A Cost Analysis of Windows Vista Content Protection |
| The Problem with "Hiring Hackers" »
December 27, 2006
Tracking Automobiles Through their Tires
Automobile tires are now being outfitted with RFID transmitters:
Schrader Bridgeport is the market leader in direct Tire Pressure Monitoring Systems. Direct TPMS use pressure sensors inside each tire to transmit data to a dashboard display alerting drivers to tire pressure problems.
I'll bet anything you can track cars with them, just as you can track some joggers by their sneakers.
As I said before, the people who are designing these systems are putting "zero thought into security and privacy issues. Unless we enact some sort of broad law requiring companies to add security into these sorts of systems, companies will continue to produce devices that erode our privacy through new technologies. Not on purpose, not because they're evil -- just because it's easier to ignore the externality than to worry about it."
Posted on December 27, 2006 at 7:44 AM
• 57 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
Nice. Now it's possible to build intelligent IEDs capable of attacking specific targets! Or mines that will only disable vehicles with certain tires, e.g. those usually encountered on humvees, while leaving legitimate, civilian traffic alone.
For how much are RFID development kits being sold these days? And can they be shipped to Iraq, or will they soon be export controlled like garage openers?
All in the name of convenience.
I live in upstate NY where it is very cold during winter. Getting out of the car at a gas to pay using a credit card takes time and effort.
I always wanted to have a RFID chip installed in my fuel tank and the gas pump nozzle retro-fitted with a RFID reader, that can automatically charge my credit based on the RFID of the fuel tank.
I guess this may not be the best option if I was concerned with the my privacy. But it sure does take the hassle of using a credit card to purchase gas. And I am willing to pay that price....
In their defense, it would be significantly harder to consistently and surreptitiously stay within 60 feet of a moving car, so it's not as egregious as it is with joggers.
That said, the point being made is still completely valid, but the best defense for the security-conscious would be to simply not use any products of this type.
If we demand security - and are willing to pay a little extra for it - companies will begin producing it. Eventually competitors will differentiate from each other on the quality of their security, which is a big win for us consumers.
This has probably been covered before, but along the same lines, I wonder if it's possible to track people by their bluetooth accessories. Even if the data stream is encrypted, is there an envelope that contains a device ID or something similar?
@ Saqib Ali
I'm confused. If you are using full service then doesn't the gas station attendant pump your gas and then take your credit card to complete the payment without the need for you to exit your vehicle? How is that a hassle?
And, if you are not using full service then you have to get out of the car to work the pump anyway, so taking an extra few seconds to use your credit card at the pump doesn't seem like much of a hassle either...
I just don't see how an RFID equipped nozzle/gas tank would be that much more convenient. Unless of course, the gas hose was robotic and was able to fuel your car automatically without the need for an attendant to handle the pump...
Bluetooth in "non-discoverable" mode is relatively tough to track.
RFID is always transmitting, so WalMart could have sensors in the driveway to their store that detect the RFID equipped tires coming into the store...hmmm, this customer owns old tires, let's send them a tire sale circular. Even better, let's see if they gave us an IM address for their mobile phone in exchange for a discount price once...
If I had a facility and could setup a bluetooth detection network, and had the bluetooth MAC, you could ping the MAC around the building and know someone's movements. But's it is not really a practical idea...I'd just imbed a RFID in their photo IDs instead to know who plugged up which toilet instead. Talk about the ultimate in facility charge backs when your boss get's that bill ;)
Out in the real world, it would be impractical to track someone via bluetooth.
And a quick apology for not running my last reply through a spelling & grammar checker prior to posting!
Gadzooks, that was bad...
I think Saqib's sarcasm was lost on you.
However I wouldn't put it past a company to do just as he described and the majority of people will be willing to accept it as is.
To Saqib Ali:
Mobil Speedpass used to come in two flavors. Once was a key fob with an RFID chip inside that you held beside the pump to have a credit card charged. The other was in a small plastic case that you stuck to a rear window of your vehicle. The window case chip was read when you pulled up next to the pumps. I used to have one and it worked just fine. But Exxon/Mobil no longer offers the window case version. You can still get the key fob unit, though, and it's marginally faster than swiping your card. The is better than using your card if you're wearing gloves because you don't have to slide the fob out of a wallet. Sadly, this only works at Exxon/Mobil.
"Unless we enact some sort of broad law requiring companies to add security..."
As you worded it, it's worse. The law would probably protect companies employing inadequate security from prosecution - remember DMCA makes access illegal regardless whether the encoding algorithm is trivial, such as inverting every last bit in a byte.
Any law should mandate a specific security method per application type, appropriately uneconomically breakable for the application. A TPS (tyre pressure monitoring system) need not have a 10 years to break encryption, but all tyres must operate the same standard.
Planting an RFID tag on a product that you sell should require the seller to either
- reliably and demonstrably disable it after sale,
- to obtain the purchaser's specific consent to leave it functioning (e.g. the RFID petrol filler) and to visibly and obviously show its presence afterwards.
- to be treated legally in the same way as illictly bugging them.
I can also think of no purpose where I'd be happy to implement "remote petrol payments" or their like by something as crude, insecure and non-transferrable as RFID.
One consideration for this technology is those of us that have driven large vehicles such as recreational vehicles. Until you have experienced a triple blowout at 70 mph you do not really appreciate keeping up with tire data.
So what keeps the readers from interrogating the tires in an adjacent car? A reader in the dashboard of an excursion may be closer to the right rear tire of the car in the next lane than to its own right rear tire.
@speedpasser: what if the reader wasnt working (with the window version)? Did it tell you, or did they just arrest you for stealing fuel after you drove off thinking you had paid?
@brainfart: I dont think IEDs would be practical that way; most modern military vehicles have CTIS which actively maintains air level in the tires (not merely reads it) with a mechanical pressure connection - no RFID involved. You could trigger to explode the IED if a car did NOT have RFID and I suspect it will be a while before IED-active countries have universal use of RFID tires (actually, its the valve - part of the wheel assembly - not the tires). Of course IED people probably arent worried about 100% non-collateral damage like we are so they might not care about that. But, they would probably be more effective by triggering on detection of emanations from an oscillator tied to GPS reception, most mil vehicles do have that.
... the point is that there are other ways to keep track of low tire pressure.
My 2000 Toyota van has a sensor on the shocks which detects long-term extension which is deduced as low tire pressure. It saved one tire for me. The tire got a nail on the highway, the warning light came on and I was able to pull over and still hear air coming out of the tire when I got out to inspect it. The sensor detected the flat well before I would have. No RFID was used.
Other cars use other means to detect low tire pressure.
Just some points of information on the linked article: First, they're not (apparently) using sensors in the tires themselves -- rather, there's a small module that's part of the valve stem assembly that measures and transmits the pressure.
This is not new. At least as far back as 1995, tire pressure monitoring was available on the Corvette and other high-end cars. It was probably available earlier than that, but I know the 'vette got it in 1995.
I don't believe that this is RFID. The transmitters are "powered" by the rotation of the wheels, and transmit their status to the vehicle, vs being a passive system that's powered by the received RF power. Each sensor may or may not be individually coded -- some of them have a differerent sensor depending on which corner of the car it's on (only works for those setups where you can't rotate the tires). Others are simply coded and you train the car on which sensor is attached to which wheel usually using a small magnet.
Where this gets to be really annoying is that these systems are becoming mandatory now in reaction to the whole Ford-Firestone debacle. The people who couldn't bother to check their own tire pressures ruined it for the rest of us in the form of extra expense, complexity, and gov't oversight. Monitoring pressures is nice, but I think we're starting to see more integration into the guts of the car's logic systems. This will be in the form of nannies that, for instance, won't let you go over 50mph if a tire is low, or the space-saver spare is in use. Great if you have an actual flat, lousy if a sensor breaks while you're away from home and don't want to spend time at a shop getting it fixed.
I've heard that there are other systems out there that function without any transmitters. Rather, they use the ability of the ABS systems to meaure slight differences in wheel speed and can translate that into pressure differences.
None of this of course means that the tire mfgrs won't start putting RFID into their products. Given the scrutiny that they're under post-Firestone, having the ability to rapidly and accurately track their good is certainly on their radar. Given that they're basically looking at this from a warehouse and distribution perspectice, there's probably little thought being paid to security -- they're simply taking the same piece of information that's currently stamped into the side of the tire -- a serial number -- and making it more machine readable.
Personally, I'm still waiting for EZPass to get hacked...
Now that you all have your panties in a knot. Adding expense to a commodity product isn't what most companies want to do. The NHTSA is mandating TPMS in all tires/cars after a to be determined date. This date was 2009, but I think it's being fought by the automakers claiming they can't change existing design processes this fast to accommodate it.
Part 1 of the ruling, http://www.nhtsa.dot.gov/cars/rules/rulings/...
If you want to complain, complain to your Senator. For the US citizens in the house, your taxes are paying for this in the name of safety.
WTF is this. I tried to post and receive this:
"Schneier on Security
A weblog covering security and security technology.
Thank You for Commenting
Your comment has been received. Unfortunately, it tripped a filter designed to cut down on spam, and is being held for review. Please don't re-post; instead, send an e-mail to webmaster schneier.com listing the time you commented and the name you posted with, and your message will be published. I apologize for the inconvenience. "
As mentioned above, this technology is NOT RFID. Let's not start calling everything with a radio in it RFID, RFID refers to a specific type of technology.
Secondly, just to play devil's advocate here, I understand what Bruce is saying but if this technology is anonymous and highly localized, isn't that like saying:
"Cars reflect visible light. This means that cars are vulnerable to being tracked by a camera or a human eye. Also the glass on car windows is clear in both directions, allowing people to see in as well as out. And worst of all, every car has a unique identifier on the back of it that's visible to everybody. Until manufacturers think about security and privacy issues...".
You see where I'm going with this.
Yes and know. Remeber no -one here is happy about widespread camera tracking either, as proposed in the UK. Also its easier to hide a RFID reader than a camera.
Its all about who you trust. I don't trust big companies in a country where you can own and trade other peoples personal data.
>So what keeps the readers from interrogating the tires in an adjacent car?
I've been planning to get a Garmin 305 for my bicycle which has wireless hearbeat sensors and wheel sensors. I read the instruction book and they have a training scheme where they talk back and forth and basically only talk to each other. This way, you won't pick up the sensors of someone else next to you. I suspect they're using something similar.
Maybe (and probably) TPMS isn't RFID.
However tyres are high value items with theft problems for both new stock and in-use items and also a well-known environmental problem in their end-of-life disposal. We might see mandatory RFID required by governments (I'm in the surveillance-crazed UK) just to track the collection of landfill taxes on them. There are also some arguably beneficial uses of RFID for their maintenance in fleets of heavy vehicles.
I'd certainly expect to see RFID appear in them as one of the early-adopter products for it.
While I agree with Bruce that there should be a law against this (we have HIPAA after all), I also think this problem will work itself out. Two things will happen.
First, once everyone starts using RFID, security risks will become relatively marginalized. If everyone's backscatter RF device blasts on the same frequency, the only way you'll be able to pick up anything is if you're next to it. While this still has some privacy concerns, it turns the problem into something that more closely resembles physical security. The FCC simply can't afford to give individual RFID users unique frequencies and Shannon proved that you can only multiplex so far. There's a time rift in there: between now, when RFID is scarce, and the future, when RFID will be ubiquitous, there are security risks.
The second thing that'll happen has already started. Manufacturers of heart rate monitors have started to deal with this problem. When you're in a busy gym on a treadmill within 10 feet of six others, your heart rate transmitter strap is hard to tell from that of the others near you. The solution is to encode your transmissions. As the problem gets worse, manufacturers will likely move on to more sophisticated coding, even if only by means of multiple access schemes. Eventually, it'll be more difficult to figure out how to read a particular bit of information from a device than it'll be to get the information otherwise. How much is it worth to get information on when my heart beats or how much pressure is holding up my tires, and how much will it cost to get the information? Peoples' credit card numbers fly around the Internet unencrypted, but relatively few people intercept them because the information price-to-quality ratio is lower for phishing.
Well, at first I thought monitoring tire pressure would be a nice safety feature but now I am hoping the whole idea of pneumatic tires will be phased out sooner rather than later.
The Tweel makes sense to me, especially compared with all the rubber-band run-flats being developed.
And if they really wanted to make tire pressure monitoring easier, they could just build in visual indicators in the valve stem design. If you really want people to be "aware", seems better to ask someone to check their tires than to rely on a dashboard system...as the recent spate of satnav-induced accidents show:
Apologies for the blog plugs...
How long before a Highway Patrol puts two interrogators a known distance apart, and looks for speeders? If the (assumed) RFID numbers go into Bridgestone's database, most likely the curious law enforcement agencies will get access. So if you cover 5 miles of interstate in less than 4 mins 17 secs, boom, you get a speeding ticket in the mail.
Sorry, Bruce, but I think you're crying wolf, here.
How am I going to "track" somebody using an RFID transmitter that only transmits 60 feet? You realize that I'll need an RFID reader implanted somewhere every 60 feet along every possible route they might take? OR stay within 60 feet of them to continue to receive the signal with ONE reader? I may as well just track them by using my standard-issue Mark I eyeball!
Talk about a non-issue! This one takes the cake, almost as bad as trying to track tennis shoes - same problem.
You don't get it rahrens. Today an RFID transmitter in your shoes has no value. That's why it's no threat.
If tomorrow every pair of shoes sold had an RFID tag in it a new industry would develop overnight - marketing, security, government would all be vying for data... with marketing in the lead.
Every pair of shoes bought would quickly be linked to a purchaser in some database. That happens in large part now. But the catch would be that every individual, business, marketer, etc. could now track you in and out of their area of interest by scanning your shoe's RFID. That data would have great value, both to them and others. It would be bought, sold, aggregated, correlated and so on.
The more that was collected, the more they'd know about you, your life, you interests, you needs, your travels, and the more valuable it'd become. That would encourage greater investment in "shoe readers" by big and small businesses alike.
Think ads, tracking cookies, and the like only in real life and more accurately tied to you.
Think about that.
TPMS are not strictly RFID. They do operate in the 315/433 ISM radio bands. But they are battery powered (sometimes with mechanical rotation based generator assist) and have their own unique protocol that is used by various TPMS vendors. The protocol identifies the TPMS sensor (which is then used to ID the particular tire and to eliminate signals from surrounding cars) so it does have the potential for tracking. The power level is kept quite low to limit interference. The antennas must be installed in the wheel wells for reliable reception. The nominal range for low frequency is 3m, for high frequency is 10m.
The standard encoding format has only an 8 byte message body. There is 1 byte for tire location, 2 bytes for sensor ID, and 5 bytes for data. The transmission rate is 62.5 Kbits/sec. It is a challenge/ response system (like RFID). The challenge must be a valid command (proper ID and command code) for the tire module. Three bytes of ID is not well suited for surveillance, but is good enough to make the odds of false matching transmissions low.
This makes it a poor choice for broad scale surveillance purposes. There are 2^21 challenge IDs to be tried before you reach the 50% hit probability for a random car. It could be useful for a targetted surveillance, because you could observe the car and discover the wheel and sensor IDs by listening to the car's own RF transmissions. You can also obtain the IDs by putting the system into learn mode, which is easy if you have physical access and nearly impossible otherwise.
All this courtesy of a quick google and then reading the manual for the standard semiconductor parts that are used. BTW good TPMS also measure tire temperatures.
@Davi Ottenheimer: "And if they really wanted to make tire pressure monitoring easier, they could just build in visual indicators in the valve stem design."
I had a set of these, five or six years back. Unfortunately, they weren't very accurate or robust, so I went back to the old trustworthy manual tire-pressure gauge.
I covered what Bruce wrote about, which was a jogger or driver being tracked (as to route, location, etc.) via the RFID chips in their shoes or tires.
The issue YOU allude to are different, although still possible using RFID technology.
However, read one of the posts in the article about the shoes, referring to the fact that those shoes are high end RUNNING shoes. Not the sort people will wear shopping, on dates, to work, etc. Same with the tires. You might be able to track my coming and going using my tire RFID unique IDs between fixed points, but nobody's going to have a nationwide RFID tracking network tracking tires! TOO expensive.
Now there may be other uses and misuses of this technology, yes. But the issues Bruce was worrying about in these two technologies was way too misguided as he wrote about them. You can track someone cheaper and easier using the good old fashioned Mark I eyeball!
And if you are worried about data mining, are you a customer of a grocery store that gives you those neat customer cards you scan for $$$ off of automatic, weekly deals? THAT'S data mining! and it doesn't even need a transmitter - you hand that one over every time you pay for your groceries! Voluntarily!
Think about it.
When it comes to stopping the activation of IEDs the military uses stuff like warlock frequency jammers when they send out convoys. I am not sure that people understand what tracking means . Someone doesn't need to know exactly where you are every 20 feet. They could set a reciever up at your house just to know when you left or set one up under an overpass 15 minutes from your home. Then break in knowing you are gone and steal your hummel collection .
When I think of surveillance of an item like this (even if not tire pressure guages -- it's likely the tires have or will have rfid for inventory purposes)...
When you pull up to most stop lights today, you'll see the outline in the pavement of detector loop that senses large metal objects to know when it should give a lesser-used side street or left turn lane a green light.
Some traffic engineer will rig up RFID detectors to that network, so they can track "anonymously" how vehicles flow through their city (much like the companies that now track cell phones for real-time traffic data...).
Of course, that data is most likely not anonymous since it's unlikely a one-way hash is being applied; and even if it was and someone knew the specific RFID they wanted they'd just apply the hash to find it. I suppose their could be sufficiently anonymous processes created -- a one day key for example that is purposely disposed of after that day.
With the traffic engineers collecting the data, there's probably going to be next to no concern about security. $100 slipped to the college intern in the City's IT department suddenly gives those who like to engage in "pre-texting" and similiar activities of questionable ethics one heck of a resource.
Second point, for those who say it's too much data / will be too much background noise when all the RFIDs are out there / there's safety in numbers (obfuscation)...
That's pretty much all things that used to be said about the internet; however as fast as Internet usage has grown, it's still been outpaced by Moore's law and it's corrolaries. The processing power, RAM, and disk space exist to make mining incredible amounts of information practical even if one doubts the effectiveness of doing so.
If business or government sees a way to make a buck (Government profit = fud to justify more tax revenue...), they'll develop the necessary technology to make such monitoring practical.
The value to Sears to sense people driving into the mall with old tires, then sending them a message on their phone (which they voluntarily linked in order to get a discount card...) like "Have you checked your tires recently? Many common brands have a mile lifetime...and we have them on sale today at Sears!" is almost priceless to the marketing weanies.
I'd prefer that people couldnt detect when I'm fatigued or how much pressure I'm under when I'm tired ...
This article has some interesting insight on TPMS in general, and how TPMS will affect the aftermarket tire industry. One thing I hadn't realized before reading this article is that buying new tires from someone other than the dealer becomes much more complicated with some of the TPMS in place.
"TPMS standardization, sensor proliferation direct vs. indirect, RFID and a possible repeal of TPMS?: Intelligent Tire Technology Conference covered it all!"
By Kevin Rohlwing
Several manufacturers of TPMS systems are mentioned, as well.
It seems you are just trying to say this is a "tired" issue. Sorry, couldn't resist. :)
I haven't found any mention of motorcycle tires yet...
I can't wait for the day that on my way to the tire store to purchase new tires, I receive a few text message coupons from nearby stores, that are competing for my business. I guess I'm talking about RFID sensors that measure tread wear and not pressure.
If they do ever check for tread wear, does that mean when your tires get to an unsafe thickness your car will no longer allow you to drive until you buy new ones? hmmmmmmmm
....all your RFID are belong to us.... you have no chance to survive..... make your time!
I used to have these sensors in my car, and they only updated the pressure every fifteen minutes or so, presumably to save power. That might make it less practical for tracking.
Of course other brands may work differently, and if you emit any radiation at all it could theoretically always be used to track you.
(Hmmm... would it be possible to create a fingerprint of spark plug emissions, to track a particular vehicle? Radio telescopes can certainly detect those from *miles* away...)
> One consideration for this technology is those of us that have
> driven large vehicles such as recreational vehicles. Until you have
> experienced a triple blowout at 70 mph you do not really appreciate
> keeping up with tire data.
"Recreational vehicle" huh?
What you SUV weirdoes need is not another gadget in your truck but some common sense (and better quality standards in your tire manufacturing industry).
I lived in Germany for a few years. No speed limits on the autobahn. People driving 100mph and faster in their Jettas and Beetles is nothing unusual. But curiously you NEVER hear about THREE tires failing at the same time. I wonder why?!?
I am in agreement with TravisD, the tire pressure monitoring is neither a new technology or does it have to be done with RFID, there are other (and less expensive) ways it can be done with existing hardware (ie-ABS sensors)
What infuriates me is the Nanny State mentality. What ever happened to personal responsibility? If you are riding around on squishy tires it's your own fault, not that of the tire manufacturer or the automaker. Period. As the owner of an automobile you are responsible for it's up-keep and operating it safely.
Having been in the repair industry for more years than I care to remember, I've seen pretty much every new and improved technology that has come down the pike in the last 30 years. All have been piled on in the name of environmentalism, fuel savings, safety or convenience. Each has been aimed mostly at protecting brain dead consumers from themselves.
Examples: Auto-reversing power sliding doors (Don't close the door until the kids are seated!), auto-reversing auto-up power windows (Come on, is it so hard to hold the button in the up position until the window is closed?),oil-life monitors (Change it every 3500 miles! Is that so hard?), Low tire pressure sensors (Is it so hard to take a glance at your tires as you are walking to your vehicle?), and what about the people that pump their tires up to 50psi because they heard it helps their gas mileage, will a 'low' pressure monitoring system be reconfigured to turn a light on and tell them that they are an idiot too?
Come on, take a little personal responsibility folks!
Let's hope the government doesn't get involved creating worthless laws. Such laws will only have 'minimum standards'. That way, such manufacturers can say "we surpass federal standards for security and privacy" and consumers will have to listen to other sources telling them the standards are not good enough.
Then, the news media will chirp in, taking talking head interviews from government bureaucrats assuring us they are safe. Then, because the media is more interested in 'reporting' on a controversy than providing any actual facts, they will say 'hmm, a very interesting debate.'
The good news is, as a consumer, I don't have to buy items outfitted with such devices. Another good reason to keep government away from "mandating" such devices in tires or sneakers or whatever other worthless venture "for my safety".
Too bad the government is involved in passports. There's a real lack of choice.
"Recreational vehicle" huh?
What you SUV weirdoes need is not another gadget in your truck but some common sense (and better quality standards in your tire manufacturing industry)."
Actually in the US that generally refers to a motor-home type of vehicle. A failing tire would be much more hazardous than a failing tire on a car.
BTW, people who are suggesting visual inspection and hand operated tire gages (which I personally do) are missing a key point: tire failure is often preceded by loss of pressure over a space of several minutes (as the integrity begins to breach) before the failure goes catestrophic. A real time system, with sufficient warning signals provides a chance to stop the vehicle before total failure occurs.
Yes, that's my blog that you guys linked to above. Thanks.
I actually reposted that rant, I found it on a slashdot.org comment. Slashdot.org is a great site for catching up on news, especially the important intersection between technology and politics.
I have no idea if it's true. I would absolutely love someone to video themselves "dissecting" a tire, and post a response on my blog telling me the results.
I'm a bit too lazy to do this myself. :)
To reinforce and add to what JayH answered, "Recreational Vehicle" in the U.S. would refer to a motor-home.
Under Federal Law, they are exempt from special driver licensing requirements nationwide. Many vehicles of that size would normally require either a "Commercial Drivers License" that is tested to a federal standard, or at least a state Heavy Vehicle License that some states use as an alternative to CDLs for farmers, fire apparatus, and other "non commercial" vehicles.
While a CDL is certainly not tough to obtain...at least you have to pass another written test, driving test, **and** before your driving test go through a good safety inspection of the vehicle demonstrating to the inspector you know how to check tire pressure, brake lines, fluid levels, etc, etc. You are expected to get on the ground and get dirty checking stuff during the test.
But for RVs...hey, the same passenger car license you got when you were 16 is the only thing you need to have! Heaven forbid we should hurt an industry by requiring older people with a disposable income demonstrate they know how operate a pleasure vehicle safely!
Just build your IEDs at the gas stations, stop signs, and stoplights. Vehicle pulls up, read it's RFID, and if it's a Hum-V then BOOM!
If the reader couldn't read the speedpass, the pump would ask for payment by credit card (or cash) before dispensing gas. Also, when the pass is read, an indicator is lit on the pump, making it easy to see if one's pass has been read. I was in no danger of stealing gas while using speedpass.
> To reinforce and add to what JayH
> answered, "Recreational Vehicle" in the
> U.S. would refer to a motor-home.
Oh! Well, my point still stands.
Yes, shit happens. Sometimes tires blow up. But three ALL AT ONCE? Can't help it, to me that sounds like the real problem here is located on the driver's seat.
"One thing I hadn't realized before reading this article is that buying new tires from someone other than the dealer becomes much more complicated with some of the TPMS in place." The device is not in the tire. If it was mounted in the wheel rim (metal part), changing just the tire doesn't create a problem. However, it sounds like they'll probably put it in the valve stem, and that could be a problem. The rubber in the stem deteriorates with age, too, and it's silly to take a risk of sudden tire decompression because of a $2 universally interchangeable part, so good tire shops automatically change the valve stem whenever they take a tire off the rim. Add the RF gismo, and it not only costs several times as much, but it might be hard to get the right type. Still, it doesn't mean you can only get dealer tires, but at worst that the tire shop might have to buy stems from the dealer.
The alternate ways of detecting squishy tires (comparing rotation rate or spring extension) might be worse in this regard, since they look for pretty small differences between the 4 wheels. Changing the tire brand on all 4 wheels at once shouldn't be a problem, but different brands/models on front and rear could confuse the system.
How many of the tire pressure sensors actually broadcast an ID? I have noticed in my car that when I have my winter tires on, they have no transmitter, that my low pressure light will turn off from time to time. I am assuming that this is because there is another car near that has a transmitters in their tires.
markm: Thanks for explaining the bit about the valve stem vs. the wheel rim as the place for the sensor. What I think the article was also getting at, however, is the fact that some TPMS require that new tires or new valve stem sensors be "registered" with the car's on-board computer. Depending on the car involved, that may require special equipment from the manufacturer, or new procedures for current equipment that the tire shop may not know about yet.
The consequences of failing to register aren't really spelled out, but I would guess that at a minimum the TPMS wouldn't work, and possibly the warning light would stay on until the new tire is properly installed. This isn't a new principle in car repairs, of course, but it's the first I've heard of this kind of issue for tire shops.
"Registering" the TPMS in each wheel of my Vette requires that I simply hold a relatively strong magnet against the rims between the wheel spokes near the device. The car gets a 'reset/register' signal and toots the horn to let you know you can move on to the next wheel.
Who is the expected attacker here, and why aren't they already tracking vehicles by license plate (instead of only being able to track the small proportion of vehicles using this tire technology)?
Sure, tracking by license plate is more expensive. You need cameras and line of sight, instead of just a suitable radio transmitter somewhere near the road. But until RFID tires are widespread, the return on the cameras is several orders of magnitude higher than the return on the RFID trackers, so smart spies will use cameras. Unless you're their specific target and they know you have these tires: but how many people does that apply to?
If, in future, everyone has TPMS, then it will become worth spying by that instead of by license plate. At that point you have to zap the chip in the tires, but at the moment I should think that for almost everyone, the tire pressure information is worth the tiny risk of surveillance.
I think Bruce is right that the companies selling this kind of product aren't thinking about security. But I'm not sure we need a law forcing them to "add security to these sorts of systems", at least where the system is non-essential.
A law forcing them to inform you of the presence of the RFID technology and how to disable it would be quite adequate (you could call this "adding security to the system", but I suspect it isn't what Bruce meant). A retail device to locate and disable RFID chips would probably be good enough, without any legislation at all.
rahrens - You don't need a detector every 60 feet. For highways you need them on entry & exit points (on/off ramps). Otherwise you place them at intersections. Probably only major and intermediate intersections; you can likely skip smaller intersections and extrapolate data to fill gaps. The web of detectors doesn't have to be pervasive to be functional.
BTW, local governments could install the detectors to monitor traffic patterns. At least that'll be the initial public reason. Once they have the data and some value to the data is realized, it'll become a natural revenue generator for the locality to sell the data. After all, it's that or higher taxes and who wants those?
RichardC - Oil life monitors allow you to get closer to the full value of the engine oil before replacing it. This reduces consumer costs and greatly reduces the amount of used oil that gets dumped or otherwise has to be processed. Some drivers are getting over 10K miles between changes.
Reading your piece on tracking RFID, etc
reminded me of this application for the
Universal Software Radio Peripheral (a fascinating project in itself).
The company below can track mobile phones
(supposedly anonymously, but as part of an
integrated system it could probably figure out
who you are) by following the signals on the GSM control channel.
[I found this story to be disturbing, so I decided to ask about it. Here is what transpired.]
I hope that this will help with your question. I asked Jay Poparad which
is the Sr. Product Design Engineer and this is his response.
Technical Service Manager
From: Altavista - Jay Poparad
Sent: Tuesday, January 16, 2007 11:25 AM
To: Altavista - Gary Watlington
Cc: Altavista - David Weber; Altavista - Dave Veninga
Subject: RE: question about TPM system
When a TPMS sensor transmits to the vehicle ECU it sends a data stream.
Along with the tire pressure, battery condition and temperature (in some
cases), one of the bits of information in that data stream is the
individual serial number of the sensor. When the sensor is initially
learned and the ECU is programmed at the OEM, the individual serial
number of the sensor is how the ECU registers the sensors tire position
(LF, RF, RR, LR). During normal operation, if a sensor from vehicle "A"
is transmitting the ECU in vehicle "B" will not recognize that signal,
because it is not associated with a registered serial number in the ECU
of vehicle "B". This is also the reason that the sensors require
relearning when the position of the sensor is changed (eg. tire
rotation). The ECU needs to re-register the sensor locations.
The only way that the ECU of vehicle "B" could pick up the signal
transmitted by a sensor from vehicle "A" is if both vehicles are in
learn mode and the sensors are being relearned simultaneously, and the
vehicles are in close proximity to one another.
I hope this helps you understand the mechanism of the sensor
transmission and ECU reception. Please feel free to call or email me
with further questions.
Sr. Product Design Engineer
Schrader-Bridgeport Int'l Inc.
205 Frazier Road, Altavista, VA 24517
From: Altavista - Gary Watlington
Sent: Tuesday, January 16, 2007 8:54 AM
To: Altavista - Jay Poparad
Cc: Altavista - David Weber
Subject: FW: question about TPM system
Would you know the answer to this question?
Let me know what you think please.
Technical Service Manager
From: Altavista - Tom Nelson
Sent: Tuesday, January 16, 2007 8:31 AM
To: Altavista - Gary Watlington
Subject: FW: question about TPM system
Business Development Manager
Schrader-Bridgeport International, Inc.
205 Frazier Rd.- P.O. Box 668 Altavista, Va. 24517
Tel: 434-369-xxxx, Fax: 434-369-xxxx
Sent: Monday, January 15, 2007 5:52 PM
To: Altavista - Tom Nelson
Subject: question about TPM system
I have read the documentation that you provide on your website. I have
a question that isn't answered there. I would appreciate it if you were
to update your website with the answer to this question:
Can you list the security mechanisms (if any) that you have in place to
ensure that only the car that the wheels belong to are able to read the
It seems obvious to me that it would be possible to somebody to
construct a passive reader that would detect the RF signal as somebody
drove by. Can you explain what you have done to ensure that only the
ECU that belongs to the car is able to read the signal that the
corresponding wheels are transmitting?
Thanks very much.
In case you don't know it. Most cars build since 2000 have a 90 second event recorder in them. It records. Speed.
Braking pressure. Steering movements.
Engine RPM. Selected gear. Seat belts connected ot not. Some even have postion sensors to show the direction of the car. i.e sideways etc. How many of you know that? I was thinking of starting a business to disable/remove them. They are hidden very well and are not accessable by the cars diagnostic computer or auto technician. They are removed by law enforcement after an accident.
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc..