Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters
upstart writes:
Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks. Performance-enhancing drugs. Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs.
Now, for those who fail to download a software patch for their gear shifters-yes, bike components now get software updates-there may be hacker saboteurs to contend with, too.
At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear.
The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that."
[...] To exploit those wireless components and sabotage a specific target bike, the researchers' technique does require that a hacker first intercept the target's gear-shift signals at some point before they carry out their attack. The hacker can then replay those signals-even months later-to cause the bike to shift at the hacker's command.
To carry out that eavesdrop-and-replay attack, the researchers used a $1500 USRP software-defined radio, an antenna, and a laptop. They say though that a $350 HackRF would work just as well, and point out that their hardware setup could be miniaturized to the degree that it could be hidden along the sidelines of a race, in a cycling team car, or even in the back pouch of a rider's jersey, such as by implementing it in a Raspberry Pi mini-computer.
Read more of this story at SoylentNews.