Vulnerabilities / Threats
8/12/2010
01:14 PM
Connect Directly
RSS
E-Mail
50%
50%

Hackers Deflate Auto Tire-Pressure Sensors

Monitors in fast-moving cars can be damaged using spoofed wireless signals, leading to security, privacy, and safety threats.

The wireless systems that monitor tire pressure in modern cars can be spoofed remotely or even damaged, according to a team of Rutgers University and the University of South Carolina computer scientists.

In particular, when driving two cars next to each other, the researchers could trigger a "low tire pressure" warning at 35 miles per hour, and a "check tire pressure" warning at 65 miles per hour. In addition, they found that at least one type of tire pressure system -- not disclosed -- "could be damaged through spoofed wireless signals."

The researchers plan to present their in-car wireless network security and privacy vulnerability findings Thursday at the Usenix conference in Washington.

"We have not heard of any security compromises to date, but it's our mission as privacy and security researchers to identify potential problems before they become widespread and serious," said Marco Gruteser, associate professor of electrical and computer engineering at Rutgers, in a statement.

While in-car wireless networks are meant to be shielded, researchers could still eavesdrop on communications from 30 feet away using a simple antenna, and 120 feet away when using an amplifier. In addition, according to their research, "reverse-engineering of the underlying protocols revealed static 32-bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers."

The researchers studied two systems identified only as "commonly used in vehicles manufactured during the past three years" and found that neither performed authentication or input validation. As a result, the researchers were able to spoof the sensor messages. "We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle," they said.

What does it take to hack a car's wireless network? Try college-level engineering expertise and a few thousand dollars' worth of publicly available radio and computer equipment. The researchers also used their own cars.

Spurred by the Firestone tire recall in the 2000, in 2003, the U.S. Department of Transportation began requiring a phase-in of tire pressure monitoring systems. By September 2007, all light vehicles -- 26,000 pounds or less -- sold in the United States contained either wired or wireless versions of such systems.

According to Wade Trappe, an associate professor of electrical and computer engineering at Rutgers who worked on the project, "while we agree this technology is essential for driver safety, more can be done to improve security, such as using input validation or encryption."

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading, September 16, 2014
Malicious software is morphing to be more targeted, stealthy, and destructive. Are you prepared to stop it?
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-0560
Published: 2014-09-17
Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors.

CVE-2014-0561
Published: 2014-09-17
Heap-based buffer overflow in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability than CVE-2014-0567.

CVE-2014-0562
Published: 2014-09-17
Cross-site scripting (XSS) vulnerability in Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on OS X allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, aka "Universal XSS (UXSS)."

CVE-2014-0563
Published: 2014-09-17
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to cause a denial of service (memory corruption) via unspecified vectors.

CVE-2014-0565
Published: 2014-09-17
Adobe Reader and Acrobat 10.x before 10.1.12 and 11.x before 11.0.09 on Windows and OS X allow attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors, a different vulnerability than CVE-2014-0566.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
CISO Insider: An Interview with James Christiansen, Vice President, Information Risk Management, Office of the CISO, Accuvant