Exploring Vulnerabilities in Tire Pressure Monitoring Systems (TPMS) with a HackRF

Over on YouTube the channel "Lead Cyber Solutions" has uploaded a video presentation for the Cyber Skills Competition. In the video Christopher Flatley, James Pak and Thomas Vaccaro discuss a man-in-the-middle attack that can be performed on vehicle Tire Pressure Monitoring Systems (TPMS) with a transmit capable SDR such as a HackRF.

A TPMS system consists of small battery powered wireless sensors placed on a vehicles wheels which automatically monitor tire pressure. An LCD basestation usually exists on the dashboard of the car indicating live tire pressure. Most modern cars come with this feature, and it is simple to retrofit an older car with an aftermarket TPMS system.

The idea behind the vulnerability is that a HackRF can be used to reverse engineer the TMPS signal, and then re-transmit a new fake signal that causes the base station to read the tire pressure as low. This can set off an alarm in the car and possibly cause someone to pull over. More alarmingly, they discuss how tractors have automatic tire inflation systems which work using similar sensors. A false low pressure reading could cause the tractor tires to over inflate and be damaged.

Vulnerabilities in Vehicle TPMS (Exploit & Hacking)

In the past we have also posted about Jared Boon's work on TPMS where he shows how privacy could be breached by monitoring and tracking TPMS identifiers.

Tweet
Share54
Reddit
Vote
Email
54 Shares

Related posts:

  1. Receiving and Decoding Tire Pressure Monitor Systems using an RTL-SDR
  2. Hacking Alarm Systems with an RTL-SDR and RFcat
  3. Testing the HackRF and Portapack with an LNA4ALL
  4. Talk: Monitoring the Spectrum: Building Your Own Distributed RF Scanner Array
  5. Transmitting ADS-B with a HackRF and Receiving it with an RTL-SDR
Subscribe
Notify of
guest

0 Comments
Inline Feedbacks
View all comments