Researchers from Rutgers University and the University of Southern California conducted a successful experiment
to intercept information that comes from RFID tire pressure sensors to a central vehicle control system. Moreover, they were convinced that the information could be changed and the information about the lowered wheels could be sent to the central computer (then red lights would blink on the instrument panel, confusing the driver).
The method works in two stages. First, the receiver reads unique 32-bit identifiers from each RFID sensor on the tires. Then it becomes possible to substitute the signal that goes from these sensors to the central computer. Substitution is possible at a distance of 40 meters from the car.
To the surprise of the researchers, they found out
that the tire pressure controller in some cars can be disabled if you give it specially selected “impossible data” about pressure, and the performance is not restored even after restarting the computer.
The problem is that such a wireless tire pressure information system is required by law
to be installed on all new cars in the USA since 2008 (in Europe, a similar law will be in effect from 2012). So potentially every new car is vulnerable.
The good side is that each tire manufacturer supplies its own production receivers (they cost about $ 1500 each), so in one way you cannot scan all the cars on the road.
In addition, researchers are sympathetic to the lack of authentication and all kinds of security in such systems. They say that this is the first implementation of the technology, where the developers tried to at least make a working system, and only then thought about security.
The researchers also note that in its current form, wireless tire identification technology is ideal for creating a database of vehicles with the organization of a universal tracking system on a national scale. Perhaps it was for this purpose that laws were passed on the mandatory installation of such RFID on all new cars.
The researchers will present the results of their work on August 12, 2010 at the USENIX Security '10 conference.