Researchers have uncovered significant cybersecurity vulnerabilities in the wireless gear-shifting systems of high-end bicycles, particularly those using Shimano’s Di2 technology.
This revelation has sent shockwaves through the professional cycling community, highlighting potential risks to rider safety and the integrity of competitive events like the Tour de France.
The study, conducted by computer scientists from the University of California, San Diego, and Northeastern University, focused on the Shimano Di2 wireless gear-shifting system, a market leader in this space. The researchers identified three primary vulnerabilities:
Replay Attacks: The system lacks mechanisms to prevent replay attacks. Attackers can capture and retransmit gear-shifting commands, gaining unauthorized control over a bike’s gear system. This can be achieved from distances up to 10 meters using off-the-shelf software-defined radios (SDRs) without the need for signal amplification.
The recorded packets can be used at any future time as long as the bike components remain paired.
Targeted Jamming: The system is susceptible to targeted jamming attacks, where an attacker can disable the gear-shifting capability of a specific bike without affecting others nearby. This can disrupt a cyclist’s performance, potentially leading to dangerous situations during races.
Information Leakage via ANT+ Communication: The use of the ANT+ protocol for communication leaks telemetry data, allowing attackers to monitor a cyclist’s gear position and other metrics in real-time. This information can be used to time attacks more effectively.
Free Webinar on Detecting & Blocking Supply Chain Attack -> Book your Spot
These vulnerabilities pose a significant threat to professional cycling, where any unauthorized gear changes can drastically affect a rider’s performance. In high-stakes races, such as the Tour de France, an attacker could exploit these weaknesses to gain an unfair advantage, potentially causing crashes or injuries by manipulating gear shifts or jamming the shifting operation.
“We conducted the first security analysis of the Shimano wireless shifting protocol and discovered its vulnerability to replay and jamming attacks. This allows attackers to target riders and take over control of the bike’s gear shifting behavior. Allowing attackers such control can
lead to negative outcomes on the performance of riders in professional races and can affect the integrity of the sport,” researchers added.
The study draws parallels to the sport’s troubled history with performance-enhancing drugs, suggesting that exploiting these vulnerabilities could become an “attractive alternative” for those seeking an unfair edge without leaving detectable traces.
In response to these findings, the researchers have collaborated with Shimano to develop countermeasures aimed at mitigating these vulnerabilities. Shimano has already begun implementing some of these measures, with a firmware update expected to be available to all riders by the end of August.
The proposed countermeasures include:
- Rolling Codes: Implementing rolling codes to prevent replay attacks by ensuring each command is unique and cannot be reused.
- Enhanced Encryption: Strengthening encryption protocols to protect against unauthorized access and data interception.
- Improved Protocol Design: Redesigning communication protocols to include timestamps or sequence numbers, thus preventing replay attacks.
As the cycling industry continues to embrace technological advancements, ensuring robust cybersecurity measures is crucial to maintaining the safety and fairness of the sport.
As of now, there have been no reported real-world incidents where Shimano’s Di2 wireless gear-shifting system has been hacked. The vulnerabilities identified in the system have been demonstrated in controlled research settings rather than in actual events or competitions.
Are You From SOC/DFIR Teams? - Try Advanced Malware and Phishing Analysis With ANY.RUN - 14 day free trial