Hackers Could Hijack Your Shimano Di2 Shifters—Is Pro Cycling Prepared for This?
The advent of electronic shifting has many perks: a smoother system, a rarely dropped chain, the ability to jump gears very quickly, and an overall more reliable ride. But it also has downsides. One of those is that an electronic gearing system requires firmware updates, and an online connection means vulnerabilities.
It’s safe to assume that everyone in the WorldTour peloton is now using electronic shifting. One of the most popular choices is Shimano’s Di2, with 14 of the 18 men’s WorldTour teams using Shimano Dura-Ace groupsets. A recent study by researchers from Northeastern University and UC San Diego exposes critical security flaws in these systems.
The pressing question is: What are the real-world implications of gear hacks on professional races? Read on to discover the potential risks and impacts.
The Research: Uncovering Vulnerabilities
The study was conducted by Maryam Motallebighomi, Aanjhan Ranganathan, and Earlence Fernandes through a black-box analysis of Shimano’s proprietary wireless protocol. The three researchers uncovered the following critical vulnerabilities: “(1) A lack of mechanisms to prevent replay attacks that allows an attacker to capture and retransmit gear shifting commands; (2) Susceptibility to targeted jamming, that allows an attacker to disable shifting on a specific target bike; and (3) Information leakage resulting from the use of ANT+ communication, that allows an attacker to inspect telemetry from a target bike.”
With this information, they were able to exploit the technology and successfully carry out record-and-replay attacks. This means they could completely control a bike’s shifting without needing cryptographic keys. They were able to replay the recorded commands from up to ten meters away, using software-defined radios without any amplifiers.
This can be done anytime as long as the bike components remain paired. The researchers could also disable gear shifting for a specific bike, meaning they had enough control that they wouldn’t take over all bikes in the peloton, just the ones they targeted.
“The capability is full control of the gears. Imagine you’re going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you’re going to lose time,” Fernandes, an assistant professor at UCSD’s Computer Science and Engineering department, told Wired.
How Gear Hacking Works
The ability to target specific bikes is an enormous threat. The researchers explain such scenarios: “In a professional race, a peloton of hundreds of riders are close to each other, often a few feet apart, and can reach speeds up to 40 mph. Any sudden changes to a bike’s performance can be catastrophic. For example, if an attacker were to target a subset of riders and shift the gears or jam the shifting operation, it could result in crashes and injuries. As another example, if the riders are climbing slowly (or descending at high speed), an attacker could shift a target rider’s bike into high gear or jam their shifting, leading them to lose their position in the race and even lose control of the bike itself.”
The researchers’ technique requires that a hacker intercept the target’s gear-shift signals before carrying out their attack. The hacker can replay the signals even months later to cause the bike to shift at the hacker’s command.
In the study, the researchers used a $1,500 USRP software-defined radio, an antenna, and a laptop. A $350 HackRF would be equally effective. The setup can be made small enough to be discreetly concealed along a race’s sidelines, in a team car, or even inside a rider’s jersey, for example by using a compact computer such as the Raspberry Pi.
The possibilities are vast regarding how and when someone could target one or many riders in a race. The researchers noted that it would be possible to read the shifting signals from an entire peloton and then jam everyone except a chosen rider. “You can basically jam everyone except you,” said Northeastern professor Aanjhan Ranganathan.
How It Works
>> Intercept Signals: Hackers use a software-defined radio and antenna to capture the gear-shift signals from a specific bike.
>> Replay Signals: They can store these signals and replay them later to remotely control the bike’s gears.
>> Jam Shifting: Hackers can broadcast a jamming signal to disrupt or disable the gear-shifting system, affecting the targeted bike or a group of bikes.
>> Execute Attack: Using the captured or jammed signals, hackers can cause sudden gear shifts or lock the bike into a specific gear, potentially leading to crashes or performance issues.
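Why a recording stays usable for months comes down to freshness: a receiver that only checks whether a frame is genuine will accept the same genuine frame again and again. The sketch below is an added illustration, not code from the article or the study, and it is neither Shimano's protocol nor its undisclosed fix. The frame layout, key, command codes and class names are all assumptions made for the example.

```python
import hashlib
import hmac
import struct

KEY = b"constructed-demo-pairing-key"  # constructed; stands in for a secret set at pairing
SHIFT_UP, SHIFT_DOWN = 0x01, 0x02      # hypothetical command codes
TAG_LEN = 8

def make_frame(key: bytes, counter: int, command: int) -> bytes:
    """Shifter side: 32-bit counter + command byte, followed by a truncated HMAC tag."""
    body = struct.pack(">IB", counter, command)
    return body + hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]

class Derailleur:
    """Receiver side. With enforce_freshness=False it authenticates frames but
    accepts the same frame forever, which is what makes record-and-replay work."""

    def __init__(self, key: bytes, enforce_freshness: bool):
        self.key = key
        self.enforce_freshness = enforce_freshness
        self.last_counter = -1  # a real device must store this persistently

    def handle(self, frame: bytes):
        """Return the command to execute, or None if the frame is rejected."""
        if len(frame) != 5 + TAG_LEN:
            return None
        body, tag = frame[:5], frame[5:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # forged or corrupted frame
        counter, command = struct.unpack(">IB", body)
        if self.enforce_freshness:
            if counter <= self.last_counter:
                return None  # counter already seen: a replayed recording
            self.last_counter = counter
        return command

def demo() -> dict:
    recorded = make_frame(KEY, 7, SHIFT_UP)  # constructed frame, as if captured off the air
    weak, strong = Derailleur(KEY, False), Derailleur(KEY, True)
    return {
        "weak_live": weak.handle(recorded),
        "weak_replay": weak.handle(recorded),      # accepted a second time
        "strong_live": strong.handle(recorded),
        "strong_replay": strong.handle(recorded),  # rejected as stale
        "strong_after_gap": strong.handle(make_frame(KEY, 9, SHIFT_DOWN)),  # lost frame 8 is tolerated
    }

if __name__ == "__main__":
    print(demo())
```

A counter check like this addresses replay only; it does nothing against the jamming or the ANT+ telemetry leakage the researchers also reported.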
Shimano’s Response: Addressing the Threat
When Bicycling contacted Shimano for comment, they said in an email, “Shimano is unaware of real-world attempts to implement this or any wireless hacking on the Di2 system in a race scenario or otherwise. However, Shimano is committed to the highest level of security and safety and works to continuously improve its technologies to remove any threat, no matter how feasible or not an attack might be.”
Shimano did provide a firmware update to the professional cycling teams that use its components. However, they declined to comment specifically on how the update will prevent the attacks the study outlined. Shimano stated, “We can share that this update is intended to improve wireless transmission across Shimano Di2 component platforms. We cannot share details on the exact fix at this moment for obvious security reasons.”
How Teams and Riders Can Protect Themselves
Beyond the professionals, should everyday riders and amateur racers be worried? “I think non-professional cyclists have nothing to worry about. I find it hard to believe that someone will want to launch such an attack on me during my Saturday group ride,” Fernandes told Road.cc.
But he also warned that pros should be sure to implement the early patch that Shimano has already provided. The researchers also noted that this isn’t brand-specific. The study looked at Shimano’s Di2, but other wireless shifters may also be similarly vulnerable.
So, is it time to shift back to manual controls? Probably not. Is it important that professional cycling teams stay up to date on everything they can to prevent this new threat? Absolutely.