From: Jeff Liebermann <jeffl@cruzio.com>
Newsgroups: rec.bicycles.tech
Subject: Re: Jamming Shimano Di2
Date: Sat, 17 Aug 2024 09:14:29 -0700
Message-ID: <opg1cj5kmiullu25leaaii4redindeohj4@4ax.com>
References: <ona0cjlnpdmjv5c2r6nlm1ubb3mi4jqf55@4ax.com> <v9q3t0$1sfv4$10@dont-email.me>

On Sat, 17 Aug 2024 08:09:03 -0400, zen cycle
<funkmasterxx@hotmail.com> wrote:

>On 8/17/2024 1:06 AM, Jeff Liebermann wrote:
>> Welcome to electronic warfare for bicycle racing.
>>
>> "High-end racing bikes are now vulnerable to hacking"
>> <https://www.theverge.com/2024/8/14/24220390/bike-hack-wireless-gear-shifters>
>> "They also found it’s possible to disable gear shifting for one
>> particular bike with a targeted jamming attack, rather than impacting
>> all surrounding ones."
>>
>> "Cybersecurity Flaws Could Derail High-profile Cycling Races"
>> <https://today.ucsd.edu/story/cybersecurity-flaws-could-derail-high-profile-cycling-races>
>> "Attackers can record and retransmit gear-shifting commands, allowing
>> them to control gear-shifting on the bike without the need for
>> authentication via cryptographic keys."
>>
>> "No, you won't be able to hack pro cyclists' electronic gears"
>> <https://road.cc/content/tech-news/no-you-wont-be-able-hack-pro-cyclists-electronic-gears-309913>
>> "Could one of the world's best professional cyclists lose a bike race
>> because of nefarious hacking or jamming of their electronic shifting?
>> That's the question thrust into the spotlight since US-based
>> researchers revealed a radio attack technique that can target and hack
>> into Shimano Di2, causing a cyclist's gears to change, or even be
>> disabled, via a £175 device up to 10 metres away."
>>
>> "MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in
>> Bicycles"
>> <https://www.usenix.org/system/files/woot24-motallebighomi.pdf>
>> "...we uncovered the following critical vulnerabilities:
>> (1) A lack of mechanisms to prevent replay attacks that allows an
>> attacker to capture and retransmit gear shifting commands;
>> (2) Susceptibility to targeted jamming, that allows an attacker to
>> disable shifting on a specific target bike;
>> (3) Information leakage resulting from the use of ANT+ communication,
>> that allows an attacker to inspect telemetry from a target bike."
>>
>something tells me this could get very interesting....

Agreed. What I find amusing (but not surprising) is that Shimano's
proprietary protocol is seriously lacking:

(1) It's vulnerable to a replay DoS (denial of service) attack, which
is a very basic security failure that should have been tested. There
are other possible attacks, which I'm sure the forces of evil are now
furiously testing for additional security issues.

(2) Reliance on ANT+ security, which has provisions for encryption,
but nothing for cryptographic authentication. That means the forces
of evil could forge ANT+ packets and impersonate devices.
"Analyzing a low-energy protocol and cryptographic solutions" (Mar
2015)
<https://courses.csail.mit.edu/6.857/2015/files/camelosa-greene-loving-otgonbaatar.pdf>
At least Shimano's use of BTLE (Bluetooth Low Energy), for Di2 control
and configuration, is fairly secure.

(3) Security by Obscurity doesn't work for very long. Shimano and ANT
(owned by Garmin) should publish and perhaps open source their
proprietary protocols in order to get help from the cryptographic
community.

-- 
Jeff Liebermann                 jeffl@cruzio.com
PO Box 272      http://www.LearnByDestroying.com
Ben Lomond CA 95005-0272
Skype: JeffLiebermann      AE6KS    831-336-2558
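
Added example, not part of the original post and not Shimano's or ANT+'s actual protocol: a receiver-side check that closes the replay gap quoted from the MakeShift paper and the missing packet authentication raised in item (2), by requiring a valid MAC and a strictly increasing counter on every shift command. The frame layout, key, command codes and class names are hypothetical.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-pairing-key-0001"   # constructed sample secret shared at pairing
TAG_LEN = 8                             # truncated HMAC-SHA256 tag length (assumption)
UPSHIFT, DOWNSHIFT = 0x01, 0x02         # hypothetical command codes

def make_frame(key, counter, command):
    """Shifter side: 4-byte big-endian counter | 1-byte command | MAC tag."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class NaiveReceiver:
    """Accepts any well-formed frame, so a recorded frame works again later."""
    def accept(self, frame):
        return len(frame) == 5 + TAG_LEN

class HardenedReceiver:
    """Rejects frames with a bad tag or a counter that does not move forward."""
    def __init__(self, key):
        self.key = key
        self.last_counter = -1   # must be stored persistently on a real device

    def accept(self, frame):
        if len(frame) != 5 + TAG_LEN:
            return False
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return False                      # forged or corrupted frame
        counter, _command = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return False                      # replayed or stale frame
        self.last_counter = counter           # gaps are fine: lost frames are tolerated
        return True

def demo():
    naive, hardened = NaiveReceiver(), HardenedReceiver(KEY)
    frame = make_frame(KEY, 1, UPSHIFT)
    forged = frame[:4] + bytes([DOWNSHIFT]) + frame[5:]   # command changed, old tag kept
    return {
        "naive_first": naive.accept(frame),
        "naive_replay": naive.accept(frame),
        "hardened_first": hardened.accept(frame),
        "hardened_replay": hardened.accept(frame),
        "hardened_forged": hardened.accept(forged),
        "hardened_next": hardened.accept(make_frame(KEY, 2, UPSHIFT)),
    }
```

This check does nothing against the targeted jamming finding, which is an availability problem at the radio layer rather than a message-integrity one.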