Friend
Professional
- Messages
- 2,653
- Reaction score
- 851
- Points
- 113
High-level riders have a new kind of sabotage to worry about.
Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless shifting tools used by professional cyclists. This flaw could allow hackers to remotely manipulate the movement of the bike during the race.
Today's high-end bikes are increasingly equipped with electronic components. These include power meters and wireless fork control systems. Almost all professional athletes now use electronic gear shifters. Such devices respond to digital signals from the controls on the steering wheel, providing more accurate and reliable shifting compared to mechanical systems.
Scientists have demonstrated that with equipment costing only a few hundred dollars, it is possible to hack Shimano systems, which are widely used by the world's leading cycling teams, including at such prestigious competitions as the Olympic Games and the Tour de France.
The developed attack model allows you to simulate signals from a distance of up to 9 meters, causing unexpected gear changes on the target bike. In addition, hackers can lock the derailleurs by locking the bike in the wrong gear.
According to Erlens Fernandez, an assistant professor in the UCSD Department of Computer Science and Engineering, such manipulations can seriously interfere with the rider on the climb or even cause dangerous instability on extreme sections of the track. "Imagine you're climbing a hill in a stage of the Tour de France: if someone switches your bike from easy gear to heavy gear, you'll lose time," Fernandez explains.
To exploit the vulnerability, a hacker would first need to intercept the gearshift signals of the target bike. You can reproduce them even months later. The experiment required a $300 software-defined radio, antennas, and a laptop. According to the researchers, this set of equipment can be reduced so much that it can be hidden on the side of the track, in the car of the cycling team or even in the back pocket of the rider.
It turned out that jamming wireless switches with such a device is much easier than attacks with the reproduction of signals. According to scientists, it is even possible to read shift signals from an entire group of cyclists (peloton) and then jam the gears of all but one person.
Shimano, having learned of the results of the study in March, worked closely with scientists to release a fix as soon as possible. A spokesperson for Shimano recently stated that the company has "created a new firmware version to improve the security of Di2 wireless communication systems."
A fix has already been provided to professional cycling teams using Shimano components. However, it will not be available to the general public until the end of August. The company does not disclose the exact details for security reasons.
The process of deploying the patch to customers is not yet completely transparent. The company says that "riders can perform a firmware update on the rear derailleur" using an app for theI have Shimano E-TUBE Cyclist smartphones. However, it is not mentioned whether the patch will apply to the front derailleur.
Professor Fernandez believes it is unlikely that ordinary cyclists will be targeted for such an attack, at least not anytime soon. However, professional racers still need to upgrade.
According to experts, other brands of wireless switches can also be vulnerable to similar hacking methods. They focused on Shimano only because this company has the largest market share.
In the world of professional cycling, which has been rocked by doping scandals in recent decades, hacking competitors' switches may well become a reality. "This, in our opinion, is a different type of doping," says Fernandez. "It just doesn't leave any traces."
More broadly, the researchers see their work as a warning of the implications of the widespread adoption of wireless electronic features in technologies ranging from garage doors to cars and bicycles.
Researchers from the University of California, San Diego, and Northeastern University have uncovered a potential vulnerability in wireless shifting tools used by professional cyclists. This flaw could allow hackers to remotely manipulate the movement of the bike during the race.
Today's high-end bikes are increasingly equipped with electronic components. These include power meters and wireless fork control systems. Almost all professional athletes now use electronic gear shifters. Such devices respond to digital signals from the controls on the steering wheel, providing more accurate and reliable shifting compared to mechanical systems.
Scientists have demonstrated that with equipment costing only a few hundred dollars, it is possible to hack Shimano systems, which are widely used by the world's leading cycling teams, including at such prestigious competitions as the Olympic Games and the Tour de France.
The developed attack model allows you to simulate signals from a distance of up to 9 meters, causing unexpected gear changes on the target bike. In addition, hackers can lock the derailleurs by locking the bike in the wrong gear.
According to Erlens Fernandez, an assistant professor in the UCSD Department of Computer Science and Engineering, such manipulations can seriously interfere with the rider on the climb or even cause dangerous instability on extreme sections of the track. "Imagine you're climbing a hill in a stage of the Tour de France: if someone switches your bike from easy gear to heavy gear, you'll lose time," Fernandez explains.
To exploit the vulnerability, a hacker would first need to intercept the gearshift signals of the target bike. You can reproduce them even months later. The experiment required a $300 software-defined radio, antennas, and a laptop. According to the researchers, this set of equipment can be reduced so much that it can be hidden on the side of the track, in the car of the cycling team or even in the back pocket of the rider.
It turned out that jamming wireless switches with such a device is much easier than attacks with the reproduction of signals. According to scientists, it is even possible to read shift signals from an entire group of cyclists (peloton) and then jam the gears of all but one person.
Shimano, having learned of the results of the study in March, worked closely with scientists to release a fix as soon as possible. A spokesperson for Shimano recently stated that the company has "created a new firmware version to improve the security of Di2 wireless communication systems."
A fix has already been provided to professional cycling teams using Shimano components. However, it will not be available to the general public until the end of August. The company does not disclose the exact details for security reasons.
The process of deploying the patch to customers is not yet completely transparent. The company says that "riders can perform a firmware update on the rear derailleur" using an app for theI have Shimano E-TUBE Cyclist smartphones. However, it is not mentioned whether the patch will apply to the front derailleur.
Professor Fernandez believes it is unlikely that ordinary cyclists will be targeted for such an attack, at least not anytime soon. However, professional racers still need to upgrade.
According to experts, other brands of wireless switches can also be vulnerable to similar hacking methods. They focused on Shimano only because this company has the largest market share.
In the world of professional cycling, which has been rocked by doping scandals in recent decades, hacking competitors' switches may well become a reality. "This, in our opinion, is a different type of doping," says Fernandez. "It just doesn't leave any traces."
More broadly, the researchers see their work as a warning of the implications of the widespread adoption of wireless electronic features in technologies ranging from garage doors to cars and bicycles.
