What until now was seen as a simple safety system for monitoring tire pressure It has become the center of a debate on surveillance and personal data. A European investigation led from Madrid argues that these sensors allow, in practice, silently track the movements of thousands of vehicles without their owners finding out.
The work, driven by the Madrid Institute for Advanced Studies IMDEA Networks Together with several partners from the continent, it points to a risk that had gone almost unnoticed: the wireless signals of the tire pressure monitoring system (TPMS) They are transmitted without encryption and with unique identifiersThis opens the door for anyone with relatively simple equipment to rebuild. driving itineraries, schedules and routines.
What is TPMS and why is it in almost all cars?
El Tire Pressure Monitoring System (TPMS) It has become standard equipment in the vehicle fleet. In the European Union mandatory for new passenger cars since 2014, following a gradual implementation that began in 2012 with the new models, and has been required in the United States since the mid-2000s. Its official objective is clear: improve road safety, reduce blowouts, detect punctures in time and optimize fuel consumption and emissions.
In vehicles equipped with direct TPMS, Each wheel has a small sensor inside the tireThis device measures pressure and, in many cases, temperature as well, and periodically sends the information to the on-board computer via a radio signal. When the pressure falls below certain thresholds, the instrument cluster a warning light illuminates so the driver can check the wheels.
These systems have already been in place. almost two decades deployed in the market without major changes to the design of their wireless communications. When they were designed, the priority was ensuring reliable driver alerts, not so much protecting the information traveling through the air. That lack of focus on the automotive cybersecurity That is precisely what the researchers are now pointing out.
It is important to distinguish, as the IMDEA team itself does, between Direct and indirect TPMSDirect systems use sensors that emit radio frequencies and can therefore be intercepted. Indirect systems calculate pressure from other systems such as ABS or stability control. they do not generate identifiable signalsTherefore, they do not present this same tracking problem.
IMDEA Networks' discovery: millions of signals and 20.000 vehicles
To test the extent to which TPMS can be used as a surveillance tool, researchers at IMDEA Networks conducted a ten-week field studyDuring that period, they deployed a low-cost radio receiver network at strategic points: sections of road, access and exit points, open-air parking areas and parking lots.
Each of those receivers, the team details, cost around $100 (about 90-100 euros) and could run on hardware as affordable as a Raspberry Pi and a simple radio moduleWith that minimal infrastructure, they managed to collect over six million wireless messages originating from around 20.000 different vehicles.
The data collected included both functional information about the system —primarily tire pressure readings— as another, much more sensitive element: a unique identifier associated with each sensorBy analyzing these codes over time and in different locations, the team was able to reconstruct movement patterns of specific cars.
Domenico Giustiniano, research professor at IMDEA Networks and one of the authors of the paper, summarizes the scope of the problem: “These signals can be used to track vehicles and learn their movement patterns.”From there, one can infer daily routines such as arrival times at work, recurring visits to certain areas, or long-distance travel habits.
The researchers went a step further and They developed methods to group the signals from the four tires of the same vehicleThis wheel pairing allows for even finer identification, reducing errors and to locate more precisely when a car arrives, leaves, or repeats routes in an urban or interurban environment.
Why TPMS signals are ideal for tracking
One of the most delicate aspects of the problem is that the TPMS It does not require line of sightUnlike traffic cameras or automatic license plate readers, the radio signals emitted by the sensors travel through the air and They can pass through walls, other vehicles, and structural elements. with relative ease, making it possible to receive the signal even when the car is not visible.
In the tests carried out, the IMDEA team demonstrated that TPMS emissions They are captured from distances greater than 50 metersboth with the vehicles in motion and when they are parked inside buildingsIn other words, a receiver placed on a street or at the entrance of a covered parking lot can listen to passing cars and those parked inside.
The key element is that each pressure sensor transmits a Fixed and unique IDThat identifier does not change over time nor does it depend on the license plate or the driver; it is, in practice, a “wireless license plate” that accompanies the vehicle throughout its entire lifespan. Since it is not protected by techniques of encryption or authenticationIt can be captured by anyone with a suitable receiver.
In addition to identification, data frames include pressure readingsAt first glance, it may seem like an irrelevant piece of information, but combined with other elements, it allows us to infer details such as whether the vehicle is light or heavy, whether it usually travels loaded or empty, or distinguish between a car and a truck based on pressure ranges and their behavior over time.
All of this makes TPMS a monitoring tool with several advantages over image-based systems. It does not depend on the lighting nor the location of the cameras, it does not require complex visual processing and, above all, It's cheaper and more discreet.A network of small receivers scattered throughout a city could record the passage of vehicles for months without raising suspicion.
From road safety to pending cybersecurity
The researchers insist that the original goal of TPMS is and remains Reduce accidents caused by worn tiresThe problem lies not in the function, but in the design of the communications.The TPMS was designed for road safety, not cybersecurity.“Recalls researcher Yago Lizarribar, who participated in the study during his time at IMDEA Networks.
Currently, most of the Cybersecurity regulations applied to vehicles in Europe It focuses on more visible connected systems: telematics units, software updates, mobile connectivity, remote access, and so on. However, the sensors considered “safety”, such as tire pressure, are hardly ever specifically mentioned in regulatory texts.
This lack of specific requirements means that many components continue to use plain text protocolswithout encryption or minimal authentication mechanisms. The IMDEA team summarizes the risk starkly: as long as sensors continue to transmit unprotected, fixed identifiers, They will continue to be an easy target for passive surveillance by third parties.
The constant advance towards the connected and, in some cases, automated vehicle increases the surface area exposed. Alessio Scalingi, former doctoral student at IMDEA and currently a professor at Carlos III University of Madrid, emphasizes that Data that seems innocuous can become powerful identifiers when collected on a large scaleIt's not just about one specific car, but about map complete mobility flows in neighborhoods, industrial parks or interurban axes.
In this context, the TPMS illustrates a broader problem: Many vehicle sensors were born in an analog environment.These technologies, with limited connectivity, have been integrated into increasingly digital platforms without a thorough security review. The result is a patchwork of technologies where highly secure modules coexist with others that continue to communicate as they did twenty years ago.
Additional risks and potential malicious uses
Beyond the systematic tracking of routes, the research points to other potentially undesirable uses of these signals. The fact that TPMS transmits open information makes it technically feasible, for example, inject fake messages that simulate a puncture or a sudden drop in pressure. This could force an unexpected stop of the driver in a specific location.
Although these situations did not form the core of the IMDEA study, they are mentioned as theoretical attack scenarios These illustrate how exposed some of the car's electronic systems are. An attacker with sufficient knowledge could cause non-existent pressure alerts at a specific point on a road, with the security and public order implications that this could entail.
There is also concern that, in the case of transport fleets or delivery vehicles, the combination of TPMS identifiers and charging patterns This allows us to deduce when a truck is usually loaded, what routes it follows, or at what times it is most vulnerable. For companies and government agencies, this opens a debate about protection of logistics information and critical infrastructure.
Experts point out that the problem is not unique to one country. Given that The mandatory use of TPMS affects a large part of Europe and other developed markets.The potential tracking area encompasses a very large volume of vehicles. From Spain to other Member States, millions of cars, vans, and trucks are currently on the road with tire pressure sensors that share a very similar architecture.
Therefore, a question of scale arises: what an amateur can technically do with a cheap receiver, It could also be done by an actor with more resources. and the capacity to deploy an extensive network of sensors. Hence the team's insistence that it is a system design problem, not a problem of isolated cases.
What is proposed to protect drivers' privacy?
Given this situation, the IMDEA Networks group proposes several courses of action. The first, almost common sense in the field of communications, is incorporate encryption and digital authentication to TPMS emissions. Encrypting the content would prevent a third party from interpreting the pressure data and identifying the vehicle, while authentication mechanisms would make it difficult to inject false messages.
Another option being considered is Avoid using static identifiersInstead of a fixed ID associated with the sensor for life, one could use rotating identifiers or changing pseudonymsThis is similar to what is done in some mobile applications and in privacy protocols for wireless communications. Thus, even if someone were to capture a signal, it would cost them much more. to follow the trail of the same car over time.
The team also encourages manufacturers to review existing architectures and consider, where feasible, the use of indirect systems or hybrid designs that reduce dependence on identifiable radiofrequencyIn any case, the researchers are aware that these changes cannot be made overnight, as they affect approved components and global supply chains.
In parallel, European and national regulators are being urged to explicitly include systems such as TPMS in vehicle cybersecurity regulationsThe idea is that the requirements should not be limited to the most visible units, such as the car's internet connectivity, but rather also include sensors that, without being connected to the mobile network, transmit information via radio.
From the end user's perspective, there is currently little room for maneuver. Drivers cannot legally disconnect the TPMS, as it is part of the vehicle's systems. mandatory equipment for road safetyNor do they have an easy way of knowing what kind of system their car uses or how the information is transmitted. Therefore, experts agree that the solution lies in acting in industry and regulationrather than shifting the responsibility to the user.
Research by IMDEA Networks has highlighted that a component designed to warn of a puncture can be converted, without major technical complications, into a continuous source of data on location and driving habitsUntil protective measures are introduced into the design and European standards, pressure sensors will remain a clear example of how automotive technology, however commonplace it may seem, It can have a direct impact on the privacy of those who get behind the wheel..
