Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier.
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin lovely side channel
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin I can hear them now "BuT I'vE gOt NoThInG tO hIdE"
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin That would be bad if we didn't already have license plate readers everywhere, but we are all already being tracked whenever we drive. Receivers for these signals aren't going to be much cheaper than license plate cameras. I guess they would be easier to hide though.
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin
Use this to track ICE around. Especially since they switch plates. -
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin easy as buying something and navigating a menu
-
@dangoodin easy as buying something and navigating a menu
Please say more. What does one buy? How easy is it for people with only intermediate tech skills to do? Are there any tutorials explaining all of this?
-
Please say more. What does one buy? How easy is it for people with only intermediate tech skills to do? Are there any tutorials explaining all of this?
@dangoodin @ghostsarespooky This is a screenshot from a HackRF with PortaPack. TPMS decoding has been a feature since the introduction of PortaPack H1 by Jared Boone in 2014, and he gave some talks about TPMS at hacker cons around that time.
-
@dangoodin @ghostsarespooky This is a screenshot from a HackRF with PortaPack. TPMS decoding has been a feature since the introduction of PortaPack H1 by Jared Boone in 2014, and he gave some talks about TPMS at hacker cons around that time.
Interesting. So is the idea to regularly change the TPMS?
-
Please say more. What does one buy? How easy is it for people with only intermediate tech skills to do? Are there any tutorials explaining all of this?
@dangoodin Hi! It's super easy, pretty much anyone with basic tech skills and good reading comprehension can do this.
The device I have is a "Mayhem Portapack H4M" (as Michael noted in another reply), which is basically a controller with a display sitting on top of a HackRF SDR.
There are tutorials/videos/discord servers, just takes a quick search online.
Changing TPMS devices, though, is really not fun, and not easy, since they are connected to the valve stems in the tires of a vehicle, and are usually $50/each to replace and require unmounting the tire from the rim (at least partially).
-
@dangoodin Hi! It's super easy, pretty much anyone with basic tech skills and good reading comprehension can do this.
The device I have is a "Mayhem Portapack H4M" (as Michael noted in another reply), which is basically a controller with a display sitting on top of a HackRF SDR.
There are tutorials/videos/discord servers, just takes a quick search online.
Changing TPMS devices, though, is really not fun, and not easy, since they are connected to the valve stems in the tires of a vehicle, and are usually $50/each to replace and require unmounting the tire from the rim (at least partially).
Very cool. Now I want to do it for my vehicle. How do I get started? Has anyone put together a how-to article?
-
Interesting. So is the idea to regularly change the TPMS?
@dangoodin not wireless would be great (edit: that’s non trivial to do)
Don’t they need to power the sensor, hook it up to the car’s mini grid?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin See also Russ Handorf (@dntlookbehindu) 'SoHo Sigint' at ShmooCon in 2020, too - https://www.youtube.com/watch?v=axDXgxGCc7E
Kismet has had SDR+TPMS for a while too (2017-18 it looks like)
I wouldn't say they're globally unique serials, but locally informational enough for sure (kind of like a MAC address).
-
Interesting. So is the idea to regularly change the TPMS?
@dangoodin @ghostsarespooky I'm not sure what you mean by "the idea". Here are slides and video from Jared's talk at ToorCon 2013 (which actually predates PortaPack): https://www.sharebrained.com/2015/01/31/tire-pressure-monitoring-system-tpms-talk/
-
@dangoodin @ghostsarespooky I'm not sure what you mean by "the idea". Here are slides and video from Jared's talk at ToorCon 2013 (which actually predates PortaPack): https://www.sharebrained.com/2015/01/31/tire-pressure-monitoring-system-tpms-talk/
I'll rephrase: To prevent TPMS from identifying my vehicle, do I use this kit to regularly change my TPMS? If not, how does this mitigation work?
-
I'll rephrase: To prevent TPMS from identifying my vehicle, do I use this kit to regularly change my TPMS? If not, how does this mitigation work?
@dangoodin @ghostsarespooky Ah, thank you. These tools (HackRF, PortaPack, Kismet) can monitor transmissions from sensors but do not provide any mitigation for privacy concerns.
-
@dangoodin @ghostsarespooky Ah, thank you. These tools (HackRF, PortaPack, Kismet) can monitor transmissions from sensors but do not provide any mitigation for privacy concerns.
OK, so it's just for tracking people's TPMS? It's not for changing your own?
-
Tire pressure "transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space."
@dangoodin This is not new.
For several *years* the local "catgirl intelligence agency" has got a SMS alert any time I drove within TPMS range of their house.
-
OK, so it's just for tracking people's TPMS? It's not for changing your own?
@dangoodin @mossmann 100%, TPMS devices (usually attached to the valve stems in the tires) have serial numbers baked in, there's no mitigation other than removing or replacing them.
At a quick glance, Jeremiah's video here looks like a decent explainer: https://www.youtube.com/watch?v=X7j4Of_u_fM
-
OK, so it's just for tracking people's TPMS? It's not for changing your own?
@dangoodin @ghostsarespooky Correct. As far as I know, the only mitigation is to physically remove sensors from your tires or to replace them with new sensors with different IDs. Each sensor (one in each tire) has a unique ID. When they are replaced, there is a process to register those IDs with the vehicle. This programs the vehicle to recognize new sensors; it does not program the sensors themselves.
-
R relay@relay.infosec.exchange shared this topic
