Wireless systems in cars may compromise drivers' privacy, pose security threat

By One India

Published: Friday, August 13, 2010, 15:41 [IST]

Washington, Aug 13 (ANI): The advent of new wireless technologies in cars might compromise a driver's privacy and pose a security threat, warn researchers at Rutgers University.

Modern automobiles are increasingly equipped with wireless sensors and devices, such as systems that monitor air pressure inside tires and trigger dashboard warnings if a tire's pressure drops.

And now researchers have shown that these wireless signals can be intercepted 120 feet away from the car using a simple receiver despite the shielding provided by the metal car body.

Since signals in tire pressure monitoring systems (TPMS) include unique codes from each wheel sensor, this raises concerns that drivers' locations could be tracked more easily than through other means, such as capturing images of license plates.

TPMS wireless transmissions also lack security protections common in basic computer networking, such as input validation, data encryption or authentication.

The researchers demonstrated how a transmitter that mimics, or "spoofs," the sensor signal can easily send false readings and trigger a car's dashboard warning display.

This could prompt a driver into stopping his or her car when there is actually nothing wrong with the tires.

"We have not heard of any security compromises to-date, but it's our mission as privacy and security researchers to identify potential problems before they become widespread and serious," said Marco Gruteser, associate professor of electrical and computer engineering and a member of the university's Wireless Information Network Laboratory (WINLAB).

He noted that tire pressure monitoring is the first widespread use of in-car wireless networking, and because of the increasing cost and complexity of wired electronic systems, it's reasonable to expect other aspects of automobile operation to come under wireless control.

"A spoofed signal could potentially cause serious safety concerns if stability control or anti-lock braking systems relied on the data. So we are sounding the alarm right now," he said.

Gruteser acknowledged that intercepting and spoofing signals is not a casual effort.

But the fact that people with college-level engineering expertise could carry out those actions using publicly available radio and computer equipment costing a few thousand dollars shows that systems are vulnerable.

"While we agree this technology is essential for driver safety, more can be done to improve security, such as using input validation or encryption," said Wade Trappe, a collaborator on the project who is an associate professor of electrical and computer engineering and associate director of WINLAB.

The researchers presented results of their work at the USENIX Security Symposium, one of the premiere academic computer security conferences. (ANI)

Published On August 13, 2010