TPMS: Low-Cost Receivers Enable Vehicle Tracking
Context and Chronology
An academic team showed that tire telemetry emits stable identifiers that can be captured by simple radio kits, enabling location linkage over time. Deploying five receivers for ten weeks, the researchers recorded over 6,000,000 messages tied to roughly 20,000 vehicles, with each node costing about $100. The setup used passive collection; no invasive hardware or complex exploits were necessary, demonstrating operational ease at street scale. This elevates what was treated as maintenance telemetry into an actionable privacy vector.
The practical consequences include persistent location profiles and the ability to correlate telemetry with known persons or assets. The researchers warn that combining passive capture with active signal injection could force stops or manipulate vehicle responses; attackers could thus amplify a tracking campaign into targeted interdiction. Dr. lead researcher frames the result as a bridge between low-cost radio tools and physical-world surveillance, showing how low-friction deployments can map movement patterns. Those patterns reveal dwell points, routes, and behavioral fingerprints that extend beyond mere presence data.
Mitigation options are technical and policy-driven: rolling identifiers, on-sensor cryptography, or protocol redesign would raise cost and complexity for attackers but require OEM coordination and regulatory pressure. Regulators and highway operators now face a binary trade-off between incremental firmware fixes and full protocol replacement, each with distinct supply-chain impact. For those who want to inspect the paper, the study is available at the project PDF. Industry players must decide rapidly: accept an exploitable telemetry regime, or invest to break the economics of cheap interception.
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
U.C. Irvine reveals umbrella-based deception of target-tracking drones
U.C. Irvine researchers demonstrated a patterned-umbrella technique, called FlyTrap , that manipulates camera-based target-tracking drones to close distance and become vulnerable to capture; the team tested the method on three commercial models and disclosed flaws to vendors. The finding exposes a practical weakness in vision-only ATT systems and accelerates demand for sensor fusion, model hardening, and regulatory clarification.
CBP Bought Ad-Industry Location Streams to Track Phones
CBP acknowledged buying real-time ad-derived location feeds during a 2019–2021 trial, enabling reconstruction of mobile movement patterns. This practice tightens the link between surveillance authorities and the adtech data market, raising legal, market, and regulatory consequences for data brokers and platforms.
Automakers selling driver telemetry to insurers fuels privacy and pricing fights
A driver discovered his braking event reached an insurer via his vehicle maker’s telemetry, sparking a lawsuit and renewed scrutiny of data sales. Regulators and consumer groups warn that widespread collection—affecting roughly nine in ten new cars—has real price and consent implications.
Intoxalock Cyberattack Strands Court-Monitored Drivers
A cyberattack on Intoxalock disabled remote calibrations, leaving many court-ordered drivers unable to start vehicles and prompting emergency extensions and towing offers. The incident highlights systemic fragility in server-dependent monitoring devices and will accelerate regulatory, procurement, and insurer responses around automotive IoT safety.
GPS Disruption in GCC Erodes Trust in Mapping and Delivery Services
Widespread GPS interference across Gulf states has produced large route-time spikes and corrupted location feeds for navigation and delivery apps, exposing dependencies in logistics, aviation, and critical infrastructure. Industry actors face immediate service degradation and a strategic push toward alternate positioning, navigation, and timing solutions.
Russian reconnaissance satellites shadow European geostationary communications
Two Russian spacecraft have repeatedly loitered near European and NATO-aligned geostationary communications satellites to map antenna pointing, ground terminal locations and traffic timing — while one of the inspector platforms fragmented after being moved to a disposal trajectory. That technical reconnaissance not only raises collision and debris hazards in GEO but also amplifies asymmetric risks by making it easier to target or exploit commercial satellite links, including their potential misuse to steer guided munitions.
ZeroDayRAT: Commercial spyware kit offers comprehensive remote control of Android and iOS devices
A commercially marketed spyware package circulating on Telegram equips buyers to fully surveil and control infected Android and iOS phones, combining continuous credential and clipboard theft with persistent device monitoring. Researchers warn operators also adopt resilient distribution tactics—including droppers, mirrored hosting and abuse of public repositories—that speed payload rotation and complicate takedown.
AirSnitch: wireless client‑isolation exploit threatens routers
New research named AirSnitch demonstrates a cross‑layer Wi‑Fi exploit that defeats client isolation across consumer and enterprise gear. The flaw enables bidirectional man‑in‑the‑middle attacks, RADIUS spoofing, and credential theft, forcing firmware, silicon, and architecture changes.