Unveiling High-Tech Sabotage: How Hacking Wireless Shifters Could Impact Bike Racing

Professional cycling has faced numerous cheating scandals and unethical practices in recent times. Performance-enhancing drugs, tacks scattered across race tracks, and even concealed motors within bike wheels have all been part of the sport’s darker side.

Now cyclists who neglect to update their gear-shifter software may also face digital saboteurs. At the recent Usenix Security Symposium, researchers from UC San Diego and Northeastern University demonstrated a method that could let someone with minimal equipment compromise Shimano wireless gear-shifting systems, which are used by top cycling teams at major competitions like the Olympics and the Tour de France. They showcased a simple radio attack that could, from up to 30 feet away, force a bike to shift gears unexpectedly or jam the gear system, possibly locking it in an undesirable gear.

This technique could severely disadvantage a competitor, especially during critical race moments like uphill climbs. “The capability is full control of the gears. Imagine climbing a steep incline during a stage of the Tour de France and suddenly your bike shifts from a low gear to a higher one. It could cost you significantly,” mentioned Earlence Fernandes, an assistant professor at UCSD’s Computer Science and Engineering department. “Or, if a racer is sprinting and the gear unexpectedly shifts down, it could lead to a crash.”

Here’s a discussion of the researchers’ hacking technique:

The researchers’ method takes advantage of the electronics in contemporary high-end bicycles, which carry digital components such as power meters, wireless control for fork suspensions, and wireless shifters. “Modern bicycles are cyber-physical systems,” state the researchers in their Usenix paper. Professional cyclists predominantly use electronic shifters, which receive digital commands from the bike’s handlebar controls and change gears more reliably than mechanical shifters. Notably, conventional wired electronic shifters are increasingly being replaced by wireless models that connect through Bluetooth, like Shimano’s widely acclaimed Di2 wireless shifters, which were the main focus of this analysis.

The researchers’ method exploits these wireless components to undermine a specific target bicycle. The attacker must first capture the target’s gear-shift signals before executing the attack. Those signals can be captured and replayed even months later, putting control of the gear shifts in the hacker’s hands whenever desired.
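Why a frame captured months earlier can still be accepted, and what a receiver needs in order to reject it, shown as an added example that is not from the article, the researchers' paper, or Shimano. The frame layout, key, and all names are assumptions for a generic command link, not the Di2 protocol or its fix.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-key"      # assumption: secret shared at pairing time
SHIFT_UP, SHIFT_DOWN = 1, 2        # hypothetical command codes
FRAME_LEN = 13                     # 1-byte command + 4-byte counter + 8-byte tag

def make_frame(cmd, counter, key=KEY):
    """Build an authenticated frame: command, counter, truncated HMAC tag."""
    body = struct.pack(">BI", cmd, counter)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:8]

class Receiver:
    """Hypothetical derailleur-side receiver.

    With enforce_counter=False it checks the tag only, so any frame it has
    ever accepted remains valid indefinitely. With enforce_counter=True it
    also requires the counter to increase, which rejects replayed frames.
    """
    def __init__(self, key=KEY, enforce_counter=True):
        self.key, self.enforce_counter = key, enforce_counter
        self.last_counter, self.gear = 0, 5

    def handle(self, frame):
        if len(frame) != FRAME_LEN:
            return "malformed"
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:8]
        if not hmac.compare_digest(tag, expected):   # constant-time compare
            return "bad-tag"
        cmd, counter = struct.unpack(">BI", body)
        if cmd not in (SHIFT_UP, SHIFT_DOWN):
            return "malformed"
        if self.enforce_counter and counter <= self.last_counter:
            return "replay"
        self.last_counter = counter
        self.gear += 1 if cmd == SHIFT_UP else -1
        return "ok"

def demo():
    """Deliver one genuine frame, then the identical bytes a second time."""
    captured = make_frame(SHIFT_UP, 1)               # constructed sample frame
    results = {}
    for name, rx in (("tag-only", Receiver(enforce_counter=False)),
                     ("tag+counter", Receiver())):
        results[name] = (rx.handle(captured), rx.handle(captured), rx.gear)
    return results

if __name__ == "__main__":
    print(demo())
```

Authentication alone does not help here: the replayed bytes carry a valid tag, so only the freshness check distinguishes them from a new command.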

To perform this eavesdropping and subsequent replay attack, the researchers employed a $300 software-defined radio, an antenna, and a laptop. They noted that the equipment could be miniaturized, potentially using a device like a Raspberry Pi, until it was small enough to be concealed at race sidelines, inside a cycling team car, or even in a cyclist’s jersey back pocket.

Jamming wireless shifters with that toolkit would be considerably easier than even replay attacks, the researchers say. While a jamming attack could prevent a specific rider from shifting gears if a hacker were able to first pick up one of their wireless shifting signals, a saboteur could also simply broadcast a jamming signal at the frequency used by all Shimano shifters, potentially disrupting a large group of racers. The researchers even say that it would be possible to read the shifting signals from an entire peloton of cyclists and then jam everyone except a chosen rider. “You can basically jam everyone except you,” says Northeastern professor Aanjhan Ranganathan, another author of the paper.

The researchers first reached out to Shimano about their research in March, and the company’s engineers worked with them closely to develop a patch. A Shimano spokesperson wrote in a statement to WIRED that the company “identified and created a new firmware update to enhance the security of the Di2 wireless communication systems.”

Shimano says it has provided that firmware update to the professional cycling teams that use its components. But it says its fix won’t be more widely available until late August and declined to explain exactly how its update prevents the attacks the researchers identified. “We can share that this update is intended to improve wireless transmission across Shimano Di2 component platforms,” the company writes. “We cannot share details on the exact fix at this moment, for obvious security reasons.”

Exactly how the patch will be deployed to customers isn’t quite clear either. The company writes that “riders can perform a firmware update on the rear derailleur” using Shimano’s E-TUBE Cyclist smartphone app. But it fails to mention whether the fix will apply to the front derailleur. “More information about this process and steps riders can take to update their Di2 systems will be available shortly,” it concludes.

While Shimano’s response plan introduces a delay of a week or two between the public presentation of a bicycle-hacking method at Usenix and the widespread delivery of a solution to customers, UCSD professor Fernandes believes it is improbable that average cyclists will immediately fall prey to this technique. “I find it hard to believe that someone will want to launch such an attack on me during my Saturday group ride,” Fernandes states.

However, professional cyclists are advised to apply the early update provided by Shimano, according to the researchers. They also point out that other brands with wireless shifters could be susceptible to similar hacking strategies. They only targeted Shimano originally due to its predominant market presence.

In the fiercely competitive world of professional cycling, which has been shaken by doping scandals over the past decades, competitors hacking each other’s shifters could become a reality. “This is, in our opinion, a different kind of doping,” claims Fernandes. “It leaves no trace, and it enables cheating in the sport.”

Furthermore, the researchers present their investigation into radio-based bicycle hacking as a warning about the risks of integrating wireless electronic functionalities into various technologies—from garage doors to cars to bicycles. They highlight that this widespread trend has inadvertently made these devices vulnerable to replay and jamming attacks, issues that Shimano is urgently trying to resolve.

“This is a repeating pattern,” says Northeastern’s Ranganathan, who has also developed solutions for replay attacks on cars’ keyless entry systems. “When manufacturers start putting in wireless features in their products, it has an impact on real-world control systems. And that can cause real physical harm.”
