Using Tire Pressure Sensors To Spy On Cars

AngryDad writes "Beginning last September, all vehicles sold in the US have been required to have Tire Pressure Monitoring System (TPMS) installed. An article up at HexView enumerates privacy issues introduced by TPMS, and some of them look pretty scary. Did you know that traffic sensors on highways can be adopted to read TPMS data and track individual vehicles? How about an explosive device that sets itself off when the right vehicle passes nearby? TPMS has been discussed in the past, but I haven't seen its privacy implications analyzed before. Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do."

Choose your role models carefully

[Anonymous Coward]

KeeLoq has been cracked recently. The wireless access control system is used in vehicles built by Chrysler, Daewoo, Fiat, General Motors, Honda, Toyota (Lexus), Volvo, Volkswagen and Jaguar. All it takes to get access is to record two messages, which can be done from up to 300 feet away. http://www.heise.de/newsticker/meldung/105772 [heise.de]

Alternatively...

[Anonymous Coward]

Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do.

Or get rid of the nanny state law requiring TPMS. They give drivers a false sense of security regarding their tires, help them to justify paying even less attention to the state of their cars and required maintenance, cost everyone money (even if they don't want one), add unsprung weight to the vehicle, and apparently cause security issues.

Good 'ole "Know what's best for its citizens - especially when reacting to a few tragic incidents that catch the media's eye" federal government.

Re:OnStar

[Intron]

There was a previous article about remote shutdown using OnStar [slashdot.org] which mentioned that OnStar can be used to remotely eavesdrop on your conversations. The OnStar rep didn't answer when I asked them why they included that capability.

Bubbling up from the lower levels

[Apotsy]

Here's a guy posting about a very similar subject on this site a while ago:

http://slashdot.org/comments.pl?sid=05/04/02/2351243&cid=12123337&threshold=-1&commentsort=0&mode=nested [slashdot.org]

Not sure how many people took it seriously at the time, but it sounds like it's getting more and more towards mainstream awareness, especially with this new system. 20 years from now, could a person move around at all, on foot or otherwise, without the powers that be knowing about it?

Re:Part of me feels paranoid now...

[couchslug]

When the Red Army Faction assassinated Alfred Herrhausen in 1989, they used a photocell trigger to set off an "IED" in a bicycle bag. It was a superbly precise job which targeted the actual position in the car occupied by Herrhausen.

Fast forward to now. One might scan the sensors on a target vehicle as it drives a common route, emplace IEDs on multiple routes, and break out the popcorn (or pita as the case may be) until the target drives by. This would be ideal for political hits where the target uses a specific armored vehicle.

http://www.german-way.com/aherrhsn.html [german-way.com]

"Maybe in the future we can all roll to work in giant hamster balls."

That would be quite a hamster.

Re:The "solution" is not so simple.

[John Whitley]

People are incredibly lazy and only take action when they perceive a threat to their person or property. Liberty?

While I understand your frustration, I think it's ultimately misleading to tag people as "lazy" here. Misleading precisely because I tend to agree with you: most folk are "lazy", but that the term is so loaded with negative connotation that it stops further inquiry. Human beings are likey terribly poorly adapted to understanding and reacting to these kinds of threats. Many modern threats are really pretty damn abstract (to an essentially hunter-gatherer mind, anyhow) and require a fair bit of abstract thinking, education, and information to grasp. This presents a huge social risk to be managed: if many modern threats, incidental or deliberate, are difficult for people to properly assess.. our decisions as a society will be distorted dangerously as a result.

I've recently seen reference to work discussing threat perception along these lines, but unfortunately quick searches aren't dredging it up right now. Handy references, anyone?

ABS Sensor

[kd5ujz]

I am not sure about the new mandate ( assuming its not an April fools joke), but the TPS sensor on my work car (2001 Alero) is the same sensor used for the anti-lock brakes. The ABS computer reads the ABS sensors, and any sensor that is spinning faster than the other three tires is assumed to be a flat tire ( lower diameter causes higher RPMs for a given surface speed).

Re:The "solution" is not so simple.

[Kadin2048]

The solution is even easier than encryption. Just don't broadcast a unique identifier!

In this case there's no reason for each tire pressure sensor to be broadcasting one. All they need to do is chirp back the pressure inside the tire. That's it. Give them enough power to hit a receiver located in the wheel (which might be 4-6" away in a very large tire, probably a lot closer than that, and it's all inside the steel-belted tire) and call it a day. Unless you are playing Ben Hur, you're not going to get close enough to another car's tires for it to become a problem -- use a high frequency and you're going to get a substantial bit of attenuation via the tire itself, and then you're decreasing as the square of the distance through free space. You're never going to have more than one valve-stem sensor per wheel-mounted receiver, so why bother with it?

If you really do need a weak form of identification, rather than hardcoding a UID, it would be pretty trivial to have each sensor randomly choose a number from a range such that the chance of collisions was low (deriving the randomness from resistor noise or by oversampling whatever analog sensor they use to determine pressure) and reset periodically or each time the car is started. That eliminates the problem of having to coordinate UIDs and prevent duplicates (cf. the cheap Bluetooth transceivers that caused problems because their MAC-ish addresses were all zeros). Every unit can be completely identical.

On further consideration, I can't really imagine why the designers of the TPMS would have given each sensor a UID (especially since it would probably cause confusion when you rotate tires, if the car's computer tracks them) ... making me wonder if this is just an elaborate 4/1 hoax.

Re:President authorizes warrentless tire tapping..

[Anonymous Coward]

You go home after work (or class, whatever your current activity in life) and find the FBI (at least three letters, right?) digging through your things, with no warrant. You confront them, only to be told that they're just checking for terrorist affiliation. You have none. After a while, they leave. But they've seen every intimate corner of your physical belongings -- without your consent or a judge's authorization, and especially not without cause.

The point of these growing searches is not because the government wants to be able to track the bad guys in this 'age' of increasing terrorism. It's because they want the public to be so afraid, and using terrorism as an excuse works well, that they can simply look through everyone's life at any time. Oh, and in case you haven't realized, everyone is now suspect of terrorism.

Sure they won't use the information to track you down to that little motel off route nine. Well, they might, but they might look the other way past that point. But they may use the information to see where you enter and exit the Interstate (or other monitored road) and correlate the data with nearby 'terrorist' suspects and 'hideouts.' You know, the bar where a government employee happens to stop off for a beer with a couple friends, who work at different places, after work, to have a beer and complain about their day. Jut your luck, that one guy was reported as expressing violent intent. He was quite vocal. Not the one who reported him no longer goes to that bar, and said that several other patrons agreed with him. Now they are all on a watch list. And the bar just so happens to be across from that motel with the women you mentioned. And Rte. 9 is not a monitored road.

It is an extreme example. But if we're in a society that can have an Air Force Captain charged with terroristic acts for buying her ten-year-old son a flight simulator program because the cashier at the local Circuit City is paranoid of terrorism thanks to media fear mongering, then anything is possible to some extent.

Re: Finally, an April Fools story!!!

[transporter_ii]

"Fortunately the problem is easy to fix: encrypt TPMS data the way keyless entry systems do."

Yeah, encryption would stop the little hacker down the street and keep them from setting up a road side explosive set just for you, but it wouldn't stop the government -- who would mandate a backdoor -- from doing it.

And personally, I'm not really worried about the hacker down the street...if cars start blowing up I would bet money it would be government doing it...and not a foreign government, but our government (but of course, it would be blamed on terrorist and the population at large would give up ever last bit of the tiny amount of "freedom" that we have left to get those darn terrorist).

Personally, I've never really been scared by any of the things our government keeps telling me I should be terrorized by, but what really scares me is the bleak future I see for my kids and their kids...caused by our own Orwellian, all-powerful government.

transporter_ii