Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study

Ishtiaq Rouf, Rob Miller, Hossen Mustafa, Travis Taylor, Sangho Oh, Wenyuan Xu, Marco Gruteser, Wade Trappe, Ivan Seskar

Research output: Chapter in Book/Report/Conference proceedingConference contribution

202 Scopus citations

Abstract

Wireless networks are being integrated into the modern automobile. The security and privacy implications of such in-car networks, however, have are not well understood as their transmissions propagate beyond the confines of a car’s body. To understand the risks associated with these wireless systems, this paper presents a privacy and security evaluation of wireless Tire Pressure Monitoring Systems using both laboratory experiments with isolated tire pressure sensor modules and experiments with a complete vehicle system. We show that eavesdropping is easily possible at a distance of roughly 40m from a passing vehicle. Further, reverse-engineering of the underlying protocols revealed static 32 bit identifiers and that messages can be easily triggered remotely, which raises privacy concerns as vehicles can be tracked through these identifiers. Further, current protocols do not employ authentication and vehicle implementations do not perform basic input validation, thereby allowing for remote spoofing of sensor messages. We validated this experimentally by triggering tire pressure warning messages in a moving vehicle from a customized software radio attack platform located in a nearby vehicle. Finally, the paper concludes with a set of recommendations for improving the privacy and security of tire pressure monitoring systems and other forthcoming in-car wireless sensor networks.

Original languageEnglish (US)
Title of host publicationProceedings of the 19th USENIX Security Symposium
PublisherUSENIX Association
Pages323-338
Number of pages16
ISBN (Electronic)9781931971775
StatePublished - Jan 1 2010
Event19th USENIX Security Symposium - Washington, United States
Duration: Aug 11 2010Aug 13 2010

Publication series

NameProceedings of the 19th USENIX Security Symposium

Conference

Conference19th USENIX Security Symposium
Country/TerritoryUnited States
CityWashington
Period8/11/108/13/10

All Science Journal Classification (ASJC) codes

  • Computer Networks and Communications
  • Information Systems
  • Safety, Risk, Reliability and Quality

Fingerprint

Dive into the research topics of 'Security and privacy vulnerabilities of in-car wireless networks: A tire pressure monitoring system case study'. Together they form a unique fingerprint.

Cite this