Security News Hackers can now track your car's location through tire pressure sensors

[Gandalf_The_Grey]

Content source

https://www.techspot.com/news/111493-hackers-can-now-track-car-location-through-tire.html

Recent security incidents have proven that internet-connected cars can be tracked and even hijacked by hacking their advanced infotainment systems, wireless keys, and the cloud servers of their manufacturers. However, researchers have also discovered serious vulnerabilities in an overlooked area: the systems that electronically monitor tire pressure can leak location data.

The device in many automobiles that warns drivers when their tire pressure is low transmits the data in unencrypted cleartext and carries a unique identifier for each vehicle. Researchers from IMEDA Networks and several European universities recently discovered that relatively inexpensive wireless devices can track Tire Pressure Monitoring System (TPMS) signals to spy on drivers covertly over extended periods.

Major automakers, including Toyota, Renault, Hyundai, and Mercedes, favor Direct TPMS (dTPMS) devices – battery-powered pressure sensors embedded within wheel rims or tire liners. In contrast with Indirect TPMS, which simply calculates wheel pressure via speed sensors, dTPMS directly transmits tire pressure and temperature information to a vehicle's electronic control unit (ECU) in packets of around 100 bits.

The researchers found that portable devices costing as little as $100 can detect the packets from over 50 meters away. Determined hackers could assemble them using off-the-shelf antennas and Raspberry Pi components, then covertly place them along roads to harvest signals from passing vehicles.

 

[LinuxFan58]

My wife just bought a Renault Capture Apline Esprit hybrid and it also has tire pressure sensors. I will tell her she is in danger (soon everyone will know where she is driving around). Just kidding. These vulnerabilities are valid and bad design, but what practical value does this data has?

PS @Andy Ful already knows a lot of my wife's laptop. What is worst the PC or the car, should I worry?

 

[Victor M]

50 meters is not a long distance. And the hackers have to place one device per city block to track a vehicle.

 

[Parkinsond]

Only matters for intelligence services to determine location, and possibly, assassination.

 

[Wrecker4923]

It's another way to track your car, less damaging than those installed vehicle tracking systems. But again, they can already read your license plates.

They can also track you by your phone.

 

[Miravi]

Modern cars are considered a privacy disaster without villains scanning your tires with poor security from up to roughly half a city block away. It's easier to think about your app choices and activities on a PC, but car manufacturers evidently love how much information flows through today's cars so they can cash in on it. No informed consent.

In 2025, the FTC finally clamped down on General Motors for sharing precise location and behavior data without proper consent, banning certain disclosures for five years.

*Privacy Not Included: A Buyer’s Guide for Connected Products

All 25 car brands we researched earned our *Privacy Not Included warning label – making cars the worst category of products that we have ever reviewed

www.mozillafoundation.org

Cars & Consumer Data: On Unlawful Collection & Use

Some say the car a person drives can say a lot about them. As cars get “connected,” this turns out to be truer than many people might have realized.

www.ftc.gov

Modern cars are surveillance devices on wheels with major privacy risks – new report

If your car connects to the internet, what personal data could it be sharing – and even selling? A new report on Australia’s 15 most popular car brands reveals these privacy concerns.

www.unsw.edu.au

 

[Sorrento]

Might be a good thing if you knew my wife was driving along, maybe this could be integrated as a red warning triangle flashing on smart cars, I warn people if she is around our town