Researchers from two US universities have successfully crashed a car's electronic control unit (ECU) via its wireless tyre pressure monitoring system (TPMS).
Tyre pressure monitoring systems often employ sensors in each wheel that communicate wirelessly to a car's ECU, which is responsible for coordinating a car's various elements, ranging from the engine and traction and stability control systems to the central-locking and telephone units. Since 2008, all new vehicles sold in the US must come with tyre pressure monitors.
Using computer and radio equipment valued at about US$1500, the researchers were able to intercept and eventually interpret the signals sent out wirelessly by the tyre pressure monitors every 60 or 90 seconds.
In some cases they were able to fake messages to a car's ECU, so erroneous readings would show up on the dashboard, or cause the ECU to crash completely. They were also able to use the unique identifiers sent out by each car's tyre pressure monitors to track vehicles.
The researchers from the University of South Carolina and Rutgers University in New Jersey say that drivers have nothing to fear yet, but that car makers and part suppliers should work on building more security into their systems instead of relying on the sheer obscurity of the protocols used. The research teams will discuss their findings further at this week's USENIX Security conference in Washington, DC.