Key Takeaways
1. The Tire Pressure Monitoring System (TPMS) in cars sends unencrypted signals that can be easily intercepted, posing a privacy risk.
2. Unlike traditional surveillance, TPMS signals can penetrate walls and other vehicles, allowing tracking from over 50 meters away.
3. Researchers collected over six million messages from 20,000 vehicles, revealing sensitive information about drivers and their habits.
4. Current car cybersecurity laws are inadequate, as monitoring systems were designed for safety rather than security, lacking basic authentication.
5. Researchers urge lawmakers and car manufacturers to implement strict privacy measures in future vehicle designs to prevent exploitation of safety systems.
Researchers at the IMDEA Networks Institute have found a serious privacy issue in today’s cars. A recent study that lasted 10 weeks showed that the Tire Pressure Monitoring System (TPMS), which has been a required safety feature in many places since the late 2000s, sends out signals that are not encrypted. These signals can be picked up by others to track where vehicles are going in real time. The sensors send a unique identifier in plain text to let the car know when the tires are low on air, which means anyone can easily capture these radio transmissions.
Advanced Surveillance
Unlike old-school camera surveillance that needs a clear view, these tire sensor signals can go through walls and other cars. This means that small, hidden wireless receivers, which can be bought for as little as $100, are able to pick up data from moving cars from distances greater than 50 meters (164 feet).
Data Collection
In their field measurements, the research team gathered over six million messages from more than 20,000 vehicles. By looking at the signals from all four tires, a network of these inexpensive receivers can accurately guess very sensitive details, such as a driver’s daily routine, what type of vehicle it is, and even how much weight the car is carrying.
The results, which have been documented in a research paper accepted for IEEE WONS 2026, point out a major flaw in current car cybersecurity laws. The researchers mention that the monitoring systems were made mainly for safety, not for security, which is why there’s no basic authentication to protect drivers from being watched in a large-scale, passive way. As a result, the researchers are strongly recommending that lawmakers and car makers enforce strict privacy measures in the design of future vehicles to stop everyday safety systems from being exploited for malicious purposes.
Source:
Link