Research Reveals Danger in Tire Pressure Monitoring Systems
Modern cars have become extremely connected, improving safety and convenience, but simultaneously creating new threats. Researchers have discovered that even the Tire Pressure Monitoring System (TPMS) can be used to track a vehicle’s location.
How TPMS Works and Its Vulnerability
These systems, which have become standard, allow drivers to constantly monitor pressure and receive warnings about its drop. However, most car owners are unaware that TPMS sensors transmit data using unencrypted radio signals. Each sensor constantly broadcasts a unique identifier, which does not change and is not protected by cryptography.
Researchers from the IMDEA Networks Institute confirmed that this fixed unique ID allows malicious actors to identify a specific car and track it.
Experiment Tracking Vehicles
To prove this in practice, scientists created a network of inexpensive radio receivers costing about $100 per unit, placing them near roads and parking lots. Using this system, they collected over 6 million messages from tire sensors of more than 20,000 cars.
The researchers managed to match signals from the four tires of a single car, allowing them to accurately track the arrival, departure, and regular routes of vehicles within the test zone. Signals could be intercepted from a distance of over 50 meters even from moving cars, regardless of whether they were inside buildings. Furthermore, malicious actors can obtain data about tire pressure, which allows them to determine the type of vehicle and the presence of a heavy load.
Potential Consequences and Misuse
Theoretically, TPMS signals could be used both by car manufacturers themselves to track owners’ movements and by criminals, such as thieves, to study routine routes before stealing a vehicle.
Our results show that tire sensor signals can be used to track vehicles and study their movement patterns. This means that a network of inexpensive wireless receivers can inconspicuously monitor car movement in a real-world environment. Such information can reveal daily routines, such as arrival time at work or travel habits, — noted the researcher.
The Need for Improved Protection
Experts emphasize that current vehicle cybersecurity regulations do not specifically regulate the protection of TPMS systems. They call on legislators and automakers to strengthen cybersecurity in future models to eliminate this gap in user privacy protection.
This situation vividly illustrates the paradox of modern technologies: features created to enhance safety can become a source of new risks. The TPMS issue is just one example among many in the Internet of Things sphere, where convenience is often prioritized over security and privacy. Until manufacturers implement proper encryption and dynamic identifiers, millions of drivers will remain potentially vulnerable to unauthorized tracking. The future of the auto industry, especially with the development of electric and autonomous cars, will undoubtedly require a more holistic approach to cybersecurity that encompasses all electronic components, even those in the wheels.