While TPMS, which has become standard in most modern cars, supports driving safety, a study raises a new concern from a cybersecurity perspective. A 10-week study conducted by the Madrid-based IMDEA Networks Institute, which collected approximately 6 million wireless signals from more than 20 vehicles, shows that modern vehicles can be monitored via their tire sensors.
With the TREAD Act, which came into effect in 2000, tire pressure monitoring systems are now mandatory in almost all vehicles. Tiny sensors placed in each tire wirelessly transmit pressure data to the vehicle's electronic control unit. These sensors are responsible for alerting the driver with a warning light on the instrument panel when the pressure drops.
But the findings show that the real problem lies in the signals emitted by these sensors: these signals, which constantly share unencrypted and unique identification numbers, make the vehicle recognizable without seeing its license plate via a suitable radio link.
Tracking is possible from 50 meters away.— Researchers note that signals can be picked up from moving vehicles at distances of up to 50 meters, even through walls or inside buildings. Domenico Giustiniano adds that these signals have the potential to reveal information about a driver's daily routine, such as their movement plans and travel habits, emphasizing that secure tracking poses a fundamental risk.
Additionally, tire pressure data can offer clues about vehicle type, estimated weight, and driving style, creating an added advantage for tracking. This low-cost method stands out as a tracking mechanism that is difficult to detect.
Experts warn: The problem is not limited to TPMS alone.— According to Cooper Quintin of the Electronic Frontier Foundation, the privacy risks in modern vehicles don't end with TPMS alone. Any method that allows location tracking without the driver's knowledge is controversial; furthermore, manufacturers collecting data for purposes such as advertising and insurance risk analysis is another cause for concern.
Privacy concerns raised about TPMS are not new. Studies conducted by Rutgers University and the University of South Carolina in 2010 also pointed to similar security vulnerabilities. ZamDespite the passage of time, there doesn't seem to be a radical change in the basic design. Dr. Yago Lizarribar, from the research team, states that TPMS is designed for security but that the cybersecurity perspective has not been sufficiently considered, and calls on policymakers and manufacturers to develop more secure and privacy-preserving sensor systems.
