Summary: Researchers have identified critical vulnerabilities in Shimano’s Di2 electronic gear-shifting system, which could allow attackers to manipulate gear shifts remotely. This raises significant concerns about the security of high-end bicycles, particularly for professional cyclists during competitions.
Threat Actor: Unknown | unknown
Victim: Shimano Di2 users | Shimano Di2 users
Key Point :
- Vulnerabilities allow attackers to intercept and replay encrypted commands, shifting gears without decryption.
- Attackers can exploit the system from a distance of up to 10 meters, posing risks during competitions.
- Shimano has developed a security update, but it is currently only available to professional cycling teams.
- Potential attacks could lead to gear malfunctions, leaving cyclists stranded or injured.
Researchers have recently uncovered vulnerabilities in the popular Shimano Di2 electronic gear-shifting system, raising concerns about the security of these high-end bicycles.
While cybersecurity experts have long been warning about the potential risks of interconnected devices, from baby monitors to automobiles, this latest frontier of bicycle hacking may still come as a surprise.
Ins and Outs of Electronic Gear-Shifting
Shimano, the world’s largest manufacturer of bicycle components, has been experimenting with electronic gear-shifting systems since 2001. Unlike traditional mechanical systems, which rely on cables to connect the gear-derailleurs to the gear-shifters, electronic systems use wireless or wired connections to transmit commands.
The Shimano Di2 system, which dominates the high-end market, uses a combination of Bluetooth Low Energy and ANT+ protocols to communicate with the bike’s computers and the Shimano smartphone app. The system’s communication is surprisingly simple, with the shifter sending a command to the derailleur, which confirms receipt of the command.
However, researchers from Northeastern University and the University of California San Diego discovered a critical vulnerability in the system’s proprietary protocol, which uses a fixed frequency of 2.478 GHz. While the commands are encrypted, the researchers found that the transmitted packets lack a timestamp or one-time code, making the system vulnerable to a replay attack.
This means that an attacker can intercept the encrypted commands and use them to shift gears on a victim’s bike without decrypting them.
Risks and Implications for Shimano Di2 Bicycles
The researchers successfully demonstrated that they could intercept and replay commands using an off-the-shelf software-defined radio, with an effective attack range of 10 meters. This raises significant concerns for professional cyclists, who could use this vulnerability to gain an unfair advantage in competitions.
Malicious commands could be sent remotely by a support team, affecting an opponent’s performance or even causing damage to the bike.
The researchers also explored the possibility of ‘targeted jamming,’ where continuous repeat commands are sent to the victim’s bike, causing the gear-shifting system to malfunction. These attacks, which effectively work as a denial-of-service (DoS) attack, could leave the cyclist stranded or injured while continuous repeat commands could potentially render the bicycle unusable.
Shimano’s Response to Vulnerability
Shimano has been made aware of the security vulnerabilities in the Shimano Di2 system and has developed an update to address the issue. However, as of now, the update has only been made available to professional cycling teams.
While Shimano has promised to make the update available to the general public through the E-TUBE PROJECT Cyclist app, the general public could remain vulnerable until a wider release is made, although the risk of exploitation is assumed to be low for non-professional cyclists.
Source: https://thecyberexpress.com/researchers-attack-vectors-shimano-di2