1. Welcome to Tacoma World!

    You are currently viewing as a guest! To get full-access, you need to register for a FREE account.

    As a registered member, you’ll be able to:
    • Participate in all Tacoma discussion topics
    • Communicate privately with other Tacoma owners from around the world
    • Post your own photos in our Members Gallery
    • Access all special features of the site

Cars hacked through wireless TPMS access

Discussion in 'Wheels & Tires' started by SlurpeeBlueMetallic, Aug 11, 2010.

  1. SlurpeeBlueMetallic

    SlurpeeBlueMetallic [OP] FFFFFFUUUUUUUUUUUUUUU...

    Joined:
    Jun 23, 2009
    Member:
    #18825
    Messages:
    1,666
    Gender:
    Male
    Interesting... not sure if this is a repost, I searched key words and found nothing. I've seen several articles on wired hacking into vehicles which led to theorizing about gaining access via Bluetooth or other optional equipment. This is the first I've seen where mandated safety equipment provides the access.

    Apparently for $1500 you can hack into an ECU via the TPMS system and wreak all kinds of mischievous havoc and track vehicles for as far as you have detectors setup.

    My favorite of the comments so far:
    Yo dawg, I heard you like buffer overruns in your ECU, so I installed this TPMS in your new rims dawg. Now you can be crashin' while you're crashin'!
    :laughing:

    http://arstechnica.com/security/new...less-tyre-sensors.ars?comments=1#comments-bar
    The tire pressure monitors built into modern cars have been shown to be insecure by researchers from Rutgers University and the University of South Carolina. The wireless sensors, compulsory in new automobiles in the US since 2008, can be used to track vehicles or feed bad data to the electronic control units (ECU), causing them to malfunction.

    Earlier in the year, researchers from the University of Washington and University of California San Diego showed that the ECUs could be hacked, giving attackers the ability to be both annoying, by enabling wipers or honking the horn, and dangerous, by disabling the brakes or jamming the accelerator.

    The new research shows that other systems in the vehicle are similarly insecure. The tire pressure monitors are notable because they're wireless, allowing attacks to be made from adjacent vehicles. The researchers used equipment costing $1,500, including radio sensors and special software, to eavesdrop on, and interfere with, two different tire pressure monitoring systems.

    The pressure sensors contain unique IDs, so merely eavesdropping enabled the researchers to identify and track vehicles remotely. Beyond this, they could alter and forge the readings to cause warning lights on the dashboard to turn on, or even crash the ECU completely.

    Unlike the work earlier this year, these attacks are more of a nuisance than any real danger; the tire sensors only send a message every 60-90 seconds, giving attackers little opportunity to compromise systems or cause any real damage. Nonetheless, both pieces of research demonstrate that these in-car computers have been designed with ineffective security measures.

    The Rutgers and South Carolina research will be presented at the USENIX Security conference later this week.
     
  2. Jester243

    Jester243 ( ͡° ͜ʖ ͡°)

    Joined:
    Jun 25, 2008
    Member:
    #7552
    Messages:
    9,323
    Gender:
    Male
    First Name:
    Dan
    Spokane, WA
    Vehicle:
    2008 Doublecab 4x4 IRP
    Lifetime LED 70W headlights 10-8-14 (set #2) Sylvania Silverstar fogs, front side windows tinted 27% to match the others, added Tacomaworld.com sticker, suspension TSB as of 7-21-09, Devil Horns by Andres, BFG's, Alpine with Bluetooth and Ipod contols, Rear view mirror relocation bracket, Ultragauge...
  3. Chad

    Chad Rand Paul 2016

    Joined:
    Oct 2, 2008
    Member:
    #9636
    Messages:
    2,750
    Gender:
    Male
    First Name:
    Chad
    Raleigh, NC
    Vehicle:
    09 V6 Access Cab TRD Sport
    Pioneer AVIC-X920BT Headunit -- BHLM -- Pioneer TS-A1685R 4-way Coax Speakers in Front -- Suntek CXP 40 Front Tint -- Access Vanish Roll-up Tonneau -- Wet Okole Seat Covers -- Fog Lights on Anytime -- PnL Powered Tailgate Lock -- DTRL "Stealth Mode" -- LED Footwell and Cup Holder Lights -- Map Lights ON with Dome Light -- Shorty Antenna -- AC Line Extension Mod -- 09+ Access Cab Rear Headrest Removal
    Jamming the accelerator.... Hmmm, I wonder if that what has happened with the "sticky" gas pedals.

    Good find!
     
  4. ktmrider

    ktmrider Senior Member

    Joined:
    Jul 20, 2009
    Member:
    #19933
    Messages:
    5,104
    Gender:
    Male
    Vehicle:
    07 DCLB 4x4 Sport S/C
    Junk
    glad I dont have them, damn cyber car tmps hacker
     
  5. 1337Taco

    1337Taco Slamry

    Joined:
    May 9, 2008
    Member:
    #6504
    Messages:
    7,447
    Gender:
    Male
    First Name:
    Kevin
    NorCal
    Vehicle:
    07 Tacoma Off-Road
    Camburg Spindles, Bilstein Rear plus AAL. 285 Hankook MT.
    Haha, I don't have TPMS. I can't believe this is even possible...
     
  6. 98tacoma27

    98tacoma27 :POOPCORN: Staff Member

    Joined:
    Dec 18, 2008
    Member:
    #11714
    Messages:
    48,253
    Gender:
    Male
    First Name:
    Ben
    Beech Creek
    Vehicle:
    05 Tundra SR5, 88 SR5 PU, 98 TRD OR (CRUSHED)
    5100's all on fours
    Interesting, I don't hink it would work on a Tacoma. The TPMS ECU doesn't appear to be connected to the Main ECU.
     
  7. SlurpeeBlueMetallic

    SlurpeeBlueMetallic [OP] FFFFFFUUUUUUUUUUUUUUU...

    Joined:
    Jun 23, 2009
    Member:
    #18825
    Messages:
    1,666
    Gender:
    Male
    I've hesitated buying after-market wheels just because of the annoyance of getting TPMS to work again or ignoring the warnings. Now maybe I'll look at not having TPMS as an extra bonus.
     
  8. 8th sin

    8th sin Swollen Member

    Joined:
    Dec 7, 2008
    Member:
    #11357
    Messages:
    508
    Gender:
    Male
    Tampa, FL
    Vehicle:
    2015 DCLB 4x4 Sport
    Llumar CTX Tint, Grillcraft MX Upper, Pro Comp Rockwell 5034 17x8.5, Nitto Terra Grappler G2 LT285/70/17, Icon Stage III
    yea, I think in either case the actual risk associated with this is overstated. In any case, I want to talk to these hackers about updating my TPMS ECU with my new sensors. Save me $90!
     
  9. SlurpeeBlueMetallic

    SlurpeeBlueMetallic [OP] FFFFFFUUUUUUUUUUUUUUU...

    Joined:
    Jun 23, 2009
    Member:
    #18825
    Messages:
    1,666
    Gender:
    Male

    Even just knowing I can be tracked so easily is a bit unnerving... sure, there are other ways to track me but most of them I can control by not using a specific device or a specific function within a device. In this case my only option to avoid it is by removing factory-provided gear.
     
  10. SlurpeeBlueMetallic

    SlurpeeBlueMetallic [OP] FFFFFFUUUUUUUUUUUUUUU...

    Joined:
    Jun 23, 2009
    Member:
    #18825
    Messages:
    1,666
    Gender:
    Male

    :rofl::rofl:
     
  11. 8th sin

    8th sin Swollen Member

    Joined:
    Dec 7, 2008
    Member:
    #11357
    Messages:
    508
    Gender:
    Male
    Tampa, FL
    Vehicle:
    2015 DCLB 4x4 Sport
    Llumar CTX Tint, Grillcraft MX Upper, Pro Comp Rockwell 5034 17x8.5, Nitto Terra Grappler G2 LT285/70/17, Icon Stage III
    there's no need to worry about really anything with this...TPMS sensors are very simple devices. They send pressure and temperature readings to a receiver, and that's it.

    Now if a baddie wanted to try and mess with you, he could send a single to the recevier that indicated your pressure was 23049823049823 psi. This *could* cause a buffer overflow and allow him to get at other parts of your ECU that control important things. If the toyota TPMS computer is seperate from the ECU, then there isn't much to worry about. If that were to happen, it would simply light up your TPMS indicator until you were out of range of wherever he was transmitting from.

    they're just TPMS sensors, I wouldn't expect any automaker to design mission-critical security layers into them...it's not like they store your SSN, blood type, bank pin code, etc
     
To Top