Re: Jamming Shimano Di2

Subject : Re: Jamming Shimano Di2
From : funkmasterxx (at) *nospam* hotmail.com (zen cycle)
Newsgroups : rec.bicycles.tech
Date : 17. Aug 2024, 18:27:26
Organisation : A noiseless patient Spider
Message-ID : <v9qj1f$1v8v2$4@dont-email.me>
References : 1 2 3
User-Agent : Mozilla Thunderbird
On 8/17/2024 12:14 PM, Jeff Liebermann wrote:
> On Sat, 17 Aug 2024 08:09:03 -0400, zen cycle
> <funkmasterxx@hotmail.com> wrote:
>
>> On 8/17/2024 1:06 AM, Jeff Liebermann wrote:
>>> Welcome to electronic warfare for bicycle racing.
>>>
>>> "High-end racing bikes are now vulnerable to hacking"
>>> <https://www.theverge.com/2024/8/14/24220390/bike-hack-wireless-gear-shifters>
>>> "They also found it’s possible to disable gear shifting for one
>>> particular bike with a targeted jamming attack, rather than impacting
>>> all surrounding ones."
>>>
>>> "Cybersecurity Flaws Could Derail High-profile Cycling Races"
>>> <https://today.ucsd.edu/story/cybersecurity-flaws-could-derail-high-profile-cycling-races>
>>> "Attackers can record and retransmit gear-shifting commands, allowing
>>> them to control gear-shifting on the bike without the need for
>>> authentication via cryptographic keys."
>>>
>>> "No, you won't be able to hack pro cyclists' electronic gears"
>>> <https://road.cc/content/tech-news/no-you-wont-be-able-hack-pro-cyclists-electronic-gears-309913>
>>> "Could one of the world's best professional cyclists lose a bike race
>>> because of nefarious hacking or jamming of their electronic shifting?
>>> That's the question thrust into the spotlight since US-based
>>> researchers revealed a radio attack technique that can target and hack
>>> into Shimano Di2, causing a cyclist's gears to change, or even be
>>> disabled, via a £175 device up to 10 metres away."
>>>
>>> "MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in
>>> Bicycles"
>>> <https://www.usenix.org/system/files/woot24-motallebighomi.pdf>
>>> "...we uncovered the following critical vulnerabilities:
>>> (1) A lack of mechanisms to prevent replay attacks that allows an
>>> attacker to capture and retransmit gear shifting commands;
>>> (2) Susceptibility to targeted jamming, that allows an attacker to
>>> disable shifting on a specific target bike;
>>> (3) Information leakage resulting from the use of ANT+ communication,
>>> that allows an attacker to inspect telemetry from a target bike."
>>
>> something tells me this could get very interesting....
>
> Agreed.  What I find amusing (but not surprising) is that Shimano's
> proprietary protocol is seriously lacking:
>
> (1)  It's vulnerable to a replay DoS (denial of service) attack, which
> is a very basic security failure that should have been tested.  There
> are other possible attacks, which I'm sure the forces of evil are now
> furiously testing for additional security issues.
>
> (2)  Reliance on ANT+ security, which has provisions for encryption,
> but nothing for cryptographic authentication.  That means the forces
> of evil could forge ANT+ packets and impersonate devices.
> "Analyzing a low-energy protocol and cryptographic solutions"  (Mar
> 2015)
> <https://courses.csail.mit.edu/6.857/2015/files/camelosa-greene-loving-otgonbaatar.pdf>
> At least Shimano's use of BTLE (bluetooth low energy), for Di2 control
> and configuration, is fairly secure.
>
> (3)  Security by Obscurity doesn't work for very long.  Shimano and
> ANT (owned by Garmin) should publish and perhaps open source their
> proprietary protocols in order to get help from the cryptographic
> community.

ANT+ was never intended as a control protocol AFAIU. My own experience with it in my Zwift set-up paired to my Wahoo Kickr showed it to be slow and finicky. User forums complained of similar issues. My set-up worked more accurately and reliably after I switched to the BLE mode.
I could definitely see a scenario where a DS riding in a team car could use a tool that targets a specific rider and keeps forcing the rider into his 12 at seemingly random times.
Though it's not anything I'll ever have to worry about, I'll stick with the simplicity and reliability of a cable system, thank you.
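
The two protocol gaps discussed in this thread (no replay protection, no cryptographic authentication of commands) are usually closed on the receiver with a message authentication code plus a monotonic counter. The sketch below is an added example, not part of the original post and not Shimano's or ANT's actual protocol; the frame layout, tag length, command codes and key are assumptions constructed for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8   # truncated HMAC-SHA256 tag, sized for a small radio frame (assumption)
BODY_LEN = 5  # hypothetical layout: 4-byte counter + 1-byte command


def make_frame(key: bytes, counter: int, command: int) -> bytes:
    """Shifter side: build counter || command || tag."""
    body = struct.pack(">IB", counter, command)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class Derailleur:
    """Receiver side: accept a frame only if it is authentic and fresh."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1  # highest counter accepted so far

    def receive(self, frame: bytes) -> str:
        if len(frame) != BODY_LEN + TAG_LEN:
            return "reject: malformed"
        body, tag = frame[:BODY_LEN], frame[BODY_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        # Verify the tag first, so a forged frame can never advance the counter.
        if not hmac.compare_digest(tag, expected):
            return "reject: bad tag"
        counter, command = struct.unpack(">IB", body)
        if counter <= self.last_counter:
            return "reject: replay"
        self.last_counter = counter
        return f"accept: command {command}"


def demo() -> list:
    key = bytes(range(16))             # constructed pairing key
    rx = Derailleur(key)
    first = make_frame(key, 1, 0x01)   # constructed "shift up" frame
    second = make_frame(key, 2, 0x02)  # constructed "shift down" frame
    forged = first[:4] + b"\x02" + first[5:]  # command byte altered, old tag kept
    frames = [first, first, forged, second, b"\x00"]
    return [rx.receive(f) for f in frames]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

A check like this addresses replayed and forged commands only; it does nothing against the targeted jamming also quoted above, since jamming stops valid frames from arriving at all.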
