Tagged: TPMS

Exploring Vulnerabilities in Tire Pressure Monitoring Systems (TPMS) with a HackRF

Over on YouTube the channel "Lead Cyber Solutions" has uploaded a video presentation for the Cyber Skills Competition. In the video Christopher Flatley, James Pak and Thomas Vaccaro discuss a man-in-the-middle attack that can be performed on vehicle Tire Pressure Monitoring Systems (TPMS) with a transmit capable SDR such as a HackRF.

A TPMS system consists of small battery powered wireless sensors placed on a vehicles wheels which automatically monitor tire pressure. An LCD basestation usually exists on the dashboard of the car indicating live tire pressure. Most modern cars come with this feature, and it is simple to retrofit an older car with an aftermarket TPMS system.

The idea behind the vulnerability is that a HackRF can be used to reverse engineer the TMPS signal, and then re-transmit a new fake signal that causes the base station to read the tire pressure as low. This can set off an alarm in the car and possibly cause someone to pull over. More alarmingly, they discuss how tractors have automatic tire inflation systems which work using similar sensors. A false low pressure reading could cause the tractor tires to over inflate and be damaged.

In the past we have also posted about Jared Boon's work on TPMS where he shows how privacy could be breached by monitoring and tracking TPMS identifiers.

Receiving and Decoding Tire Pressure Monitor Systems using an RTL-SDR

Tire Pressure Monitoring Systems (TPMS) are comprised of sensors that are designed to measure the tire pressures on a vehicle and then wirelessly transmit the data to a monitoring computer, which will then alert the driver when the tire pressure is incorrectly set.

At the Toorcon conference, Jared Boon has given a talk showing how he used an RTL-SDR and a GNU Radio program that he developed to reverse engineer the TPMS wireless protocol, and read the data that is sent. Jarod also notes that TPMS is potentially a security risk that could be used to track cars. The talk has been uploaded to YouTube and is shown below.