Resumen

Tire Pressure Monitoring System (TPMS) transmissions of modern cars are sent over the air in clear text and entail a unique identifier that does not change over very long periods of time. In this work, we investigate the privacy implications for car owners of this design choice by collecting and analyzing TPMS transmissions from a network of low-cost spectrum receivers that we deploy along the road over a period of 10 weeks. Our measurement study comprises data from 12 verified cars, but malicious actors could easily scale their efforts to track several thousands of cars, given that we observed at least 20k cars during our measurements. Our results show that TPMS transmissions can be used to systematically infer potentially sensitive information such as the presence, type, weight, or driving pattern of the driver. The affordability of the equipment to cause these threats, as low as $100 per receiver, urges policymakers and car manufacturers to design a more secure and privacy-preserving TPMS for future cars.