Update 11/16/2011: This work was also mentioned in a CACM article Wireless tire pressure monitoring systems designed to alert drivers to problems with low tire pressure can be intercepted or forged, causing possible security or privacy threats, according to research at the University of South Carolina and Rutgers University. Dr. Wenyuan Xu, an assistant professor in the department of computer science and engineering at USC and the lead investigator on the project, said tire pressure monitoring communications systems in many new cars are not properly secured, allowing anyone to eavesdrop on the wireless communication and send false messages to drivers.
Most new cars manufactured or sold in the U.S. after 2007 are equipped with the tire pressure monitoring system. As technology evolves and more wireless sensors and devices are introduced into cars, Xu said carmakers need to pay more attention to securing wireless communication before more serious vulnerabilities emerge. For example, although not a reality yet, if the tire pressure reading is used to assist the stability control, then sending a forged message with the wrong tire pressure could be dangerous. USC researchers and their colleagues at Rutgers University studied tire-pressure monitoring systems (TPMS), the devices that monitor air pressure inside tires and trigger a dashboard warning if a tire’s pressure drops.
Researchers were able to intercept the wireless signals 120 feet away from the car using a simple receiver. “Hopefully, as a result of our project, the security and privacy concerns from consumers will push the car industry to design in-car wireless networks with security and privacy in mind,” Xu said. Virtually all new cars use direct TPMS, which relies on wireless technologies. Since wireless communication is prone to eavesdropping and malicious hacking, the researchers wanted to analyze the security and privacy aspects of the first widely used wireless systems, Xu said. “Since the wireless communication contains unique identifiers of each car, it is possible to track vehicles by listening to the tire pressure monitoring system’s wireless communication,” Xu said. “Further, we have shown that we can transmit false messages to make the car trigger the ‘low pressure warning light’ on the dashboard while all tire pressures are normal. We managed to ‘damage’ the tire pressure monitoring system by sending false messages.”
Xu is a co-author of the paper, “Security and Privacy Vulnerabilities of In-Car Wireless Networks: A Tire Pressure Monitoring System Case Study,” and presented it at the USENIX Security Symposium in Washington, D.C., earlier this month. The automotive security and privacy research project is a joint project between USC and the Wireless Information Network Laboratory (WINLAB) at Rutgers. USC students Ishtiaq Rouf, Hossen Mustafa and Travis Taylor, along with Rob Miller, Sangho Oh, Marco Gruteser, Wade Trappe and Ivan Seskar from Rutgers participated in the project. Most of the experiments were conducted at USC. Computerworld has an article on the research into the vulnerabilities of cars' tire pressure monitor systems performed by Dr. Xu and her collaborators. MIT's Technology Review has another similar article.
The new entry, "Virtual USC," is taking shape at the College of Engineering and Computing to provide an insider's virtual tour of the Carolina Horseshoe. "This is going to be very cool," said Duncan Buell, the professor of computer science who guided a group of 10 undergraduate students involved in the software application's development during the spring semester. Buell is aiming for a prototype smart phone tour of the Horseshoe in which users can click on Gamecock icons embedded in a campus map to reveal historic and contemporary interior pictures of several buildings.
Among highlights will be the South Caroliniana Library and the Gressette Room in Harper College. University Archives provided historical photos and University Technology Services provided current pictures. "Once we get the first couple of stops on the tour done adding more of them won't be conceptually difficult," said Buell, adding that tours of each building will take users through an animation that walks them to a starting point where they can then access other available images. "With a program like this, once you get the basic structure of the app done, adding locations means a little more work and having to worry about bandwidth and things like that, but it's not that much more of an effort."
Buell embarked on the project with the intent of producing an app for an Android smart phone that would be relevant to a National Endowment for the Humanities-funded computer gaming institute at the University this summer. The institute is a project of the University's Digital Humanities Initiative. "The first couple of weeks the students just brainstormed on various ideas along the lines of, ‘What could you do with a mobile phone like this, and how could you use a location awareness to know where you were and pull up something of interest?' "Gradually, we converged on this project as something that could be done in 15 weeks and end up with close to a 100 percent professional product. It's not really a game, but once you get an app like this built out you can change the content and the programming and easily put it into something else, like a scavenger hunt. "The hard part of the programming is getting all the pieces to fit together with the maps, overlays, and the images," said Buell. "It's not hard dealing with the content once you have it. So this project is partly an adaptation to what we could undertake that was interesting and relevant."
The 10 students were drawn from three different computer science courses. They had worked as programmers and helped come up with the design and structure of the overall software. Once the Android app is working, the next project will be to port it to the iPhone, "a huge difference because the programming is very different," Buell said. The group has also drawn on the expertise of faculty members in the University's Digital Humanities Initiative who offered guidance on such things as the app's visual elements and other factors that would add to its user friendliness and appeal. Buell anticipates that once the app is perfected for both Android and iPhones, it could be adapted to a wide variety of other campus uses. These could include wider virtual tours of the campus, plant or museum tours envisioned by Allison Marsh, an assistant professor of history who supervises the museum track in the history department's public history program, or applications like teaching outdoor courses that link GPS coordinates with radio frequency ID chips positioned at various locations on campus. "You could do a lot of fun applications like this and even expand it to Columbia and the Vista," Buell said. By Office of Publications