Did you know Shimano Di2 can be hacked? Well, researchers at the University of California San Diego and Northeastern University have discovered that it can be, allowing bad actors to use signal jammers and devices known as software-defined radios to disrupt shifting remotely or even disable the system completely.
“Security vulnerabilities in wireless gear-shifting systems can critically impact rider safety and performance, particularly in professional bike races,” the researchers write. “In these races, attackers could exploit these weaknesses to gain an unfair advantage, potentially causing crashes or injuries by manipulating gear shifts or jamming the shifting operation.”
The team uncovered three key vulnerabilities within this wireless system. First, hackers can record and retransmit gear-shifting commands, allowing them to control gear-shifting on the bike without the need for authentication via cryptographic keys. For instance, the research team successfully carried out record-and-replay attacks from a distance of up to 10 meters (roughly 10 yards) using an off-the-shelf, software-defined radio, without needing an amplifier to boost signal strength. Moreover, recorded data could be reused anytime, provided the bike components remain paired.
As mentioned, hackers can also easily disable and jam gear shifting on a specific bike without affecting nearby systems, creating significant risks for riders.
Additionally, the wireless system uses the communication protocol ANT+, which leaks information, allowing hackers to monitor their target in real-time.
“The history of professional cycling’s struggles with illegal performance-enhancing drugs underscores the appeal of such undetectable attacks, which could similarly compromise the sport’s integrity. Given these risks, it is essential to adopt an adversary’s viewpoint and ensure that this technology can withstand motivated attackers in the highly competitive environment of professional cycling,” researchers add.
Researchers developed several countermeasures to prevent replay attacks, mitigate targeted jamming, and prevent information leakage. Shimano has already implemented some of these measures and a new update will make them widely available soon.
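Why a recorded command stays usable, and how a freshness check closes that gap, shown as an added illustration: this is not Shimano's protocol or the researchers' countermeasure. The frame layout, 8-byte tag, command strings and all class and function names are assumptions made for the example.

```python
import hashlib
import hmac
import os
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag length (assumed for this example)

def make_frame(key: bytes, counter: int, command: bytes) -> bytes:
    """Shifter side: counter || command || MAC(key, counter || command)."""
    body = struct.pack(">I", counter) + command
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

def verify(key: bytes, frame: bytes):
    """Return (counter, command) if the tag is valid, else None."""
    if len(frame) <= 4 + TAG_LEN:
        return None
    body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
    expected = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    if not hmac.compare_digest(tag, expected):
        return None
    return struct.unpack(">I", body[:4])[0], body[4:]

class StaticReceiver:
    """Checks the tag only, so a recorded frame is accepted again and again."""
    def __init__(self, key: bytes):
        self.key = key
    def accept(self, frame: bytes):
        parsed = verify(self.key, frame)
        return parsed[1] if parsed else None

class FreshReceiver:
    """Also requires a strictly increasing counter, so a recording is stale."""
    def __init__(self, key: bytes):
        self.key, self.last_counter = key, -1
    def accept(self, frame: bytes):
        parsed = verify(self.key, frame)
        if parsed is None or parsed[0] <= self.last_counter:
            return None
        self.last_counter = parsed[0]
        return parsed[1]

def demo():
    key = os.urandom(16)                        # pairing key, constructed
    recorded = make_frame(key, 1, b"SHIFT_UP")  # constructed sample frame
    static, fresh = StaticReceiver(key), FreshReceiver(key)
    first = (static.accept(recorded), fresh.accept(recorded))
    replay = (static.accept(recorded), fresh.accept(recorded))
    return first, replay, fresh.accept(make_frame(key, 2, b"SHIFT_DOWN"))

if __name__ == "__main__":
    print(demo())
```

In a real device the last accepted counter has to survive power cycles and re-pairing, otherwise old recordings become valid again after a reset.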