Security Operations, Data Security, Encryption, Privacy, Industry Regulations

Car tire sensors could be used to track drivers, study finds

As reported by HackRead, new research highlights a significant privacy vulnerability in modern vehicles: Tire Pressure Monitoring Systems (TPMS). These systems, designed for safety, can inadvertently be exploited to track drivers and their movements without their knowledge or consent.

Researchers from IMDEA Networks Institute discovered that the radio signals broadcast by TPMS sensors, found in millions of cars from brands like Toyota, Mercedes, Renault, and Hyundai, are unencrypted. Each tire emits a unique ID, and by grouping these four IDs, an observer can create a unique fingerprint for a specific vehicle. Using low-cost radio receivers, the team successfully collected millions of signals from thousands of vehicles over 10 weeks, demonstrating the ease with which cars can be identified and tracked from distances exceeding 50 meters. The system can even reveal vehicle weight based on tire pressure, potentially indicating cargo.

This vulnerability poses a significant privacy risk, as TPMS signals can map daily routines and work schedules. Unlike smartphone features, these sensors cannot be turned off and are legally mandated in regions like the UK and EU. While cybersecurity regulations like UN Regulation No. 155 exist, they do not explicitly require encryption for TPMS signals. Researchers are urging manufacturers and policymakers to implement rotating, frequently changing IDs to prevent vehicles from becoming permanent tracking devices and to address this critical regulatory gap.

Source: HackRead

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds