In the modern car security landscape, most people never think beyond key fob hacks, unsecured infotainment systems, or rogue cellular links that can expose private data.
Few imagine that the humble tire, specifically the small device tucked inside it to measure pressure, could offer a backdoor into a driver’s private movements.
Yet that is exactly the conclusion of a sweeping new study from the IMDEA Networks Institute in Madrid where researchers have shown that Tire Pressure Monitoring Systems (TPMS), installed on virtually every car built since the mid-2000s, can be used to track cars in the real world.
The Hidden Identifier in Every Tire
TPMS technology was introduced primarily to improve safety by alerting drivers to low tire pressure. If a tire loses air, the system sends a radio signal to the car’s internal computer which then displays a warning.
This technology became mandatory in the United States beginning with model year 2008, and it is widely deployed around the world. What many car owners do not know is that these little sensors broadcast more than just pressure data. Each sensor transmits a unique identifier along with its readings.
That unique identifier is the heart of the privacy problem. It means that each vehicle essentially broadcasts a digital signature of itself each time the sensor transmits data. Those transmissions are not protected by encryption.
Security researchers were able to intercept these IDs with inexpensive radio receivers costing about one hundred dollars placed near busy roads and parking lots. Without encryption or authentication protocols in place, anyone with basic radio equipment and some technical skill could capture thousands of these signals.
6 Million Pings, 20,000 Vehicles
The Madrid researchers went beyond theory to test just how practical this form of tracking could be. Over a ten-week data collection period, they amassed more than six million tire sensor pings from over 20,000 vehicles.
By deploying multiple low-cost receivers at sites around their test area, they were able to match unique IDs to specific vehicles and compile movement patterns over time.
Signals could be picked up from dynamic traffic at distances of 50 meters or more, and even through walls of buildings and barriers that would block optical systems. This is what sets TPMS tracking apart from camera-based or visual surveillance.
The implications are significant. Camera systems can only identify vehicles when the line of sight is clear, and they must actually see a license plate or vehicle features to tag a vehicle.
TPMS based tracking offers a way to recognize and monitor a vehicle without ever seeing it visually, or needing a camera aimed at it.
A series of cheap receiver stations could quietly log where unique IDs appear and re-appear, constructing a picture of a driver’s routines, favorite routes, work commute times, or even home location.
In their published findings, the research team emphasized that TPMS was created for safety not for privacy, and that the current regulatory framework does nothing to protect against this kind of passive surveillance.
As one of the lead researchers noted, signals that appear to be harmless tire pressure readings can become a powerful identifier when collected at scale.
The Forgotten Security Gap
There are benchmarks in automotive security where early vulnerabilities eventually led to stronger standards. Wi-Fi and Bluetooth stacks have matured with encryption built in. Modern keyless entry systems have added protections to prevent simple relay attacks.
But TPMS remains something of a forgotten part of the automobile security ecosystem. Because it functions on short-range radio and battery power, designers prioritized cost and efficiency over cryptographic security.
Industry experts now argue that future TPMS designs should incorporate encryption and dynamic identifiers so that a sensor’s broadcast cannot be trivially linked back to a fixed vehicle ID.
Some proposals include rotating IDs, challenge-response handshakes, or other cryptographic measures similar to what is used in contactless payment systems. That would raise the bar significantly for anyone hoping to passively collect and use these signals for tracking.
Meanwhile, there is no regulatory requirement that TPMS data be secured. Most drivers will remain unaware that their tires could betray their travel patterns.
Sources: IMDEA Networks Institute