Vulnerabilities / Threats
8/12/2010
01:14 PM
Connect Directly
RSS
E-Mail
50%
50%

Hackers Deflate Auto Tire-Pressure Sensors

Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.

The wireless systems that monitor tire pressure in modern cars can be spoofed remotely or even damaged, according to a team of Rutgers University and the University of South Carolina computer scientists.

In particular, when driving two cars next to each other, the researchers could trigger a "low tire pressure" warning at 35 miles per hour, and a "check tire pressure" warning at 65 miles per hour. In addition, they found that at least one type of tire pressure system -- not disclosed -- "could be damaged through spoofed wireless signals."

The researchers plan to present their in-car wireless network security and privacy vulnerability findings Thursday at the Usenix conference in Washington.

"We have not heard of any security compromises to date, but it's our mission as privacy and security researchers to identify potential problems before they become widespread and serious," said Marco Gruteser, associate professor of electrical and computer engineering at Rutgers, in a statement.

While in-car wireless networks are meant to be shielded, researchers could still eavesdrop on communications from 30 feet away using a simple antenna, and 120 feet away when using an amplifier. In addition, according to their research, "reverse-engineering of the underlying protocols revealed static 32-bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers."

The researchers studied two systems identified only as "commonly used in vehicles manufactured during the past three years" and found that neither performed authentication or input validation. As a result, the researchers were able to spoof the sensor messages. "We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle," they said.

What does it take to hack a car's wireless network? Try college-level engineering expertise and a few thousand dollars' worth of publicly available radio and computer equipment. The researchers also used their own cars.

Spurred by the Firestone tire recall in the 2000, in 2003, the U.S. Department of Transportation began requiring a phase-in of tire pressure monitoring systems. By September 2007, all light vehicles -- 26,000 pounds or less -- sold in the United States contained either wired or wireless versions of such systems.

According to Wade Trappe, an associate professor of electrical and computer engineering at Rutgers who worked on the project, "while we agree this technology is essential for driver safety, more can be done to improve security, such as using input validation or encryption."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0485
Published: 2014-09-02
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.

CVE-2014-3861
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody element.

CVE-2014-3862
Published: 2014-09-02
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in its SRC attribute, leading to information disclosure in a Referer log.

CVE-2014-5076
Published: 2014-09-02
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banking information via crafted intents, as demonstrated by the drozer framework.

CVE-2014-5136
Published: 2014-09-02
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
This episode of Dark Reading Radio looks at infosec security from the big enterprise POV with interviews featuring Ron Plesco, Cyber Investigations, Intelligence & Analytics at KPMG; and Chris Inglis & Chris Bell of Securonix.