If you drive a car newer than 2008, a new study finds that your car’s tire pressure monitoring system can be used to track you.
A group of researchers at the IMDEA Networks Institute — an English-language research organization on data networks based in Madrid — discovered this privacy risk at the end of a 10-week study in which they collected approximately 6 million wireless signals from more than 20,000 vehicles. Their findings point to a major hacker threat lurking in the wheel sensors of many modern vehicles.
The TREAD Act of 2000 mandated that modern vehicles be equipped with TPMS for safety on the road. This system works by emitting wireless signals through small sensors attached to each tire, which transmits the pressure information of each tire to the vehicle’s control panel. A warning light on the vehicle’s dashboard indicates low tire pressure.
Instead of using a camera that has a clear line of sight to a car, hackers can intuitively track it using wireless signals emitted by the car’s wheel sensors. That signal is transmitted continuously as a unique unsigned ID number.
Basically, anyone nearby with a cheap radio receiver can pick up the signal and later spot the same car without seeing the license plate.
The information can help users track down drivers
“Our results show that these tire sensor signals can be used to track vehicles and learn their driving patterns,” said Domenico Giustiniano, research professor at the IMDEA Networks Institute, in a peer-reviewed report. “This means that a network of inexpensive wireless receivers can silently monitor traffic patterns in real-world areas. Such information may reveal daily routines, such as commute times or travel habits.”
The researchers were able to capture signals from more than 50 meters away from moving vehicles, through walls and inside buildings. Tire pressure statistics help to reveal the type of vehicle, its weight and the driver’s driving pattern. It’s a cheap, hard-to-detect, and potentially secret way to track.
While this may be a shocking discovery, Cooper Quintin, senior staff expert at the Electronic Frontier Foundation, told CNET that it’s not the only secret threat to your car’s computer system.
“Any method that can be misused to secretly track people’s movements without their knowledge is concerning,” he said. “But so are all the technologies in modern cars that intentionally violate drivers’ privacy by collecting and sharing data for advertising purposes, assessing insurance risks, etc. It’s sad that drivers have to worry about this, and everyone should learn to protect themselves whenever possible while manufacturers are pressured to do better.”
This is not the first time a group of researchers has raised a red flag about this in-car hearing system. A 2010 study by researchers at Rutgers University and the University of South Carolina warned of a potential privacy threat lurking in a car’s tire pressure system. Sixteen years later, the error still persists.
“TPMS is designed for safety, not safety,” said Dr. Yago Lizarribar, one of the authors of this study. “Our findings highlight the need for manufacturers and regulators to improve security in the automotive sensor systems of the future.”
The study urges policy makers and car manufacturers to develop a more secure and privacy-preserving TPMS for future vehicles.
