IoT Security

Researchers Uncover Method to Track Cars via Tire Sensors

Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns.

Tire pressure sensor hacking

Data transmissions from tire pressure sensors can be captured using low-cost equipment placed along roads to track drivers, academic researchers have demonstrated.

The Tire Pressure Monitoring System (TPMS), which is now mandatory in vehicles worldwide for improved safety and maintenance, transmits a unique identifier in clear text, exposing the transmissions to eavesdropping and potential tracking.

Academics from Spain, Switzerland, and Luxembourg have published a research paper (PDF) on how low-cost receivers can be used to capture these unencrypted passive transmissions to infer car movement patterns.

They deployed five receivers that, for 10 weeks, captured over 6 million TPMS messages from approximately 20,000 vehicles.

Because the unique identifier transmitted by the TPMS does not change throughout the life of the tire, the researchers were able to match the signals to cars and track a set of verified cars.

“Our results show that TPMS transmissions can be used to systematically infer potentially sensitive information such as the presence, type, weight, or driving pattern of the driver,” the academics note.

Advertisement. Scroll to continue reading.

Easily deployable, each receiver costs roughly $100, making the tracking system rather affordable and demonstrating that car makers should reconsider the use of plain text wireless transmission, the researchers explain.

“TPMS transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space,” the academics say.

The researchers argue that attackers could deploy such receivers at scale for mass tracking of drivers. Attackers could combine the passive tracking with active spoofing of sensor signals, sending fake flat tire alerts to trucks to force stops and hijack their cargo, the academics note.

According to the researchers, an attacker could also link TPMS sensors with a specific person of interest, for targeted tracking using publicly available software-defined radios.

“Attackers can use this information to learn, predict, and exploit a person’s movements, points of interest, and behavior patterns,” they note.

Related: Old Attack, New Speed: Researchers Optimize Page Cache Exploits

Related: WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking

Related: ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT

Related: Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking

Related Content

Privacy

The ruling was made in the case of a bank robber whose identity was discovered through a geofence warrant.

Privacy

The vulnerability is tracked as CVE-2026-6770 and it has been patched with the release of Firefox 150 and Tor 15.0.10.

Data Breaches

The hackers stole internal IDs, names, email addresses, and business partner IDs from an internal management system.

Data Breaches

LKQ said the personal information of thousands of individuals was compromised as a result of the hacker attack.

Privacy

Mozilla has implemented fresh fingerprinting protections to prevent hidden trackers from identifying Firefox users.

IoT Security

Set for January 2026 at Automotive World in Tokyo, the contest will have six categories, including Tesla, infotainment systems, EV chargers, and automotive OSes.

Data Breaches

The company says customer contact information was stolen from a third-party service provider’s platform.

IoT Security

Oligo Security has shared details on an Apple CarPlay attack that hackers may be able to launch without any interaction.

Copyright © 2026 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version