2024-08-14 University of California San Diego (UCSD)
Earlence Fernandes, one of the paper’s lead co-authors and a computer scientist at the University of California San Diego, is a cycling enthusiast. He is pictured here in Catalina Island.
<Related information>
- https://today.ucsd.edu/story/cybersecurity-flaws-could-derail-high-profile-cycling-races
- https://www.usenix.org/conference/woot24/presentation/motallebighomi
MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles
Maryam Motallebighomi, Earlence Fernandes, Aanjhan Ranganathan
Abstract
The bicycle industry is increasingly adopting wireless gear-shifting technology for its advantages in performance and design. In this paper, we explore the security of these systems, focusing on Shimano’s Di2 technology, a market leader in the space. Through a blackbox analysis of Shimano’s proprietary wireless protocol, we uncovered the following critical vulnerabilities: (1) A lack of mechanisms to prevent replay attacks that allows an attacker to capture and retransmit gear shifting commands; (2) Susceptibility to targeted jamming that allows an attacker to disable shifting on a specific target bike; and (3) Information leakage resulting from the use of ANT+ communication that allows an attacker to inspect telemetry from a target bike. Exploiting these, we conduct successful record and replay attacks that lead to unintended gear shifting that can be completely controlled by an attacker without the need for any cryptographic keys. Our experimental results show that we can perform replay attacks from up to 10 meters using software-defined radios without any amplifiers. The recorded packets can be used at any future time as long as the bike components remain paired. We also demonstrate the feasibility of targeted jamming attacks that disable gear shifting for a specific bike, meaning they are finely tuned to not affect neighboring systems. Finally, we propose countermeasures and discuss their broader implications with the goal of improving wireless communication security in cycling equipment.
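The first finding above is a missing freshness check: a captured shift command stays valid for as long as the components remain paired. The simulation below, added here as an illustration and not code from the paper or from Shimano, contrasts a receiver that acts on any well-formed command with one that binds each command to a monotonically increasing counter authenticated under the pairing key. The command codes, frame layout, HMAC-based tag and 32-bit counter are all assumptions made for the example; the paper's own proposed countermeasures are not reproduced here.

```python
import hashlib
import hmac
import os
import struct

# Command codes and gear range are constructed for this example,
# not Shimano's real protocol values.
SHIFT_UP = 0x01
SHIFT_DOWN = 0x02
MIN_GEAR, MAX_GEAR = 1, 12


def apply_shift(gear, cmd):
    """Return the new gear after applying a command, clamped to the cassette range."""
    if cmd == SHIFT_UP:
        return min(gear + 1, MAX_GEAR)
    if cmd == SHIFT_DOWN:
        return max(gear - 1, MIN_GEAR)
    raise ValueError("unknown command")


def naive_frame(cmd):
    """Frame with no counter and no authentication: just the command byte."""
    return bytes([cmd])


class NaiveReceiver:
    """Receiver with no freshness check: a frame recorded earlier is accepted
    again verbatim, which is the failure mode the paper's abstract describes."""

    def __init__(self, gear=5):
        self.gear = gear

    def handle(self, frame):
        self.gear = apply_shift(self.gear, frame[0])
        return True


# Protected frame layout (assumption): 32-bit counter || 8-bit command || 8-byte tag
HEADER = struct.Struct(">IB")
TAG_LEN = 8


def protected_frame(key, counter, cmd):
    body = HEADER.pack(counter, cmd)
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


class ProtectedSender:
    def __init__(self, key):
        self.key = key
        self.counter = 0  # a real shifter would persist this across power cycles

    def send(self, cmd):
        self.counter += 1
        return protected_frame(self.key, self.counter, cmd)


class ProtectedReceiver:
    """Accepts a frame only if its tag verifies under the pairing key and its
    counter is strictly greater than the last accepted one."""

    def __init__(self, key, gear=5):
        self.key = key
        self.gear = gear
        self.last_counter = 0

    def handle(self, frame):
        if len(frame) != HEADER.size + TAG_LEN:
            return False
        body, tag = frame[:HEADER.size], frame[HEADER.size:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(expected, tag):
            return False  # forged or corrupted frame
        counter, cmd = HEADER.unpack(body)
        if counter <= self.last_counter:
            return False  # stale counter: a replayed or reordered frame
        self.last_counter = counter
        self.gear = apply_shift(self.gear, cmd)
        return True


def demo():
    """Feed the same recorded frame to both receivers and report what happened."""
    key = os.urandom(16)  # constructed pairing key for the simulation

    naive = NaiveReceiver()
    recorded = naive_frame(SHIFT_UP)
    naive.handle(recorded)
    naive_replay = naive.handle(recorded)  # second delivery shifts again

    sender, rx = ProtectedSender(key), ProtectedReceiver(key)
    recorded = sender.send(SHIFT_UP)
    first = rx.handle(recorded)
    replay = rx.handle(recorded)  # same bytes again: counter already seen
    tampered = recorded[:HEADER.size - 1] + bytes([SHIFT_DOWN]) + recorded[HEADER.size:]
    tamper = rx.handle(tampered)  # command byte changed: tag no longer verifies
    later = rx.handle(sender.send(SHIFT_DOWN))  # fresh counter, still accepted

    return {
        "naive_replay_accepted": naive_replay, "naive_gear": naive.gear,
        "first_accepted": first, "replay_accepted": replay,
        "tampered_accepted": tamper, "later_accepted": later,
        "protected_gear": rx.gear,
    }


if __name__ == "__main__":
    print(demo())
```

The counter-plus-tag design only addresses the replay finding; the targeted jamming and ANT+ telemetry leakage described in the abstract are separate issues that authentication does not fix. In a deployed system the receiver's last accepted counter would also need to survive power cycles, and a small acceptance window would be needed to tolerate frames lost in flight.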