[Make-wifi-fast] Car tire tracking

Wed Nov 21 16:06:06 EST 2018

On Wed, Nov 21, 2018 at 9:17 AM David P. Reed <dpreed at deepplum.com> wrote:
>
> Schneier wrote in 2008 that some TPMS's have unique identifiers in the tire pressure sensors, and that the government requires that they be registered! https://www.schneier.com/blog/archives/2008/04/tracking_vehicl.html
>
>
>
> He seems to be a reliable source, but I'm skeptical that the tires radiate bluetooth signals for a lot of reasons. However, that doesn't make it less troubling.
>
>
>
> Now I am motivated to develop a software receiver that can tell me my tire pressure sensor info. Good use for my new XTRX that just arrived, serendipitously, today.

Pretty cool. Does it also already do LTE?

>
>
>
> Gotta find the specs of the radio system (hopefully NOT bluetooth) somewhere. If the gov't requires it to be a standard, it's probably open to the public.
>
>
>
> And then I can have fun hacking other people by sending fake tire pressures for their tires!

Heh.

>
>
>
> RTL-SDR probably can handle receiving what I suspect is the actual coding, though it's can't handl bluetooth frequency hopping.
>
>
>
>
>
> -----Original Message-----
> From: "David P. Reed" <dpreed at deepplum.com>
> Sent: Wednesday, November 21, 2018 11:48am
> To: "David P. Reed" <dpreed at deepplum.com>
> Cc: "David Lang" <david at lang.hm>
> Subject: Car tire tracking
>
> I think everyone who works in "wireless", especially mobile wireless, should become well aware of privacy concerns.
>
>
>
> Privacy isn't just about secrecy, but about how information gathered by sensors is used by others. Now that it's trivial to gather terabytes of personally sensitive information and analyze it, we have to live in a Surveillance Society whether we like it or not. My own thinking (admittedly anarchist-libertarian) is that Norms need to grow, because Laws can't. Engineers (the ones who design and maintain systems) have professional responsibilities for the societal impacts of their systems. THey are not allowed to subcontract that to the people who specify or regulate their output.
>
>
>
> So if we know how to, or can invent a way to, maintain privacy better for all (users and bystanders), we really must.
>
> The shareholders/owners of profit-maximizing companies won't, and the government (even the elected one) won't.
>
>
>
> Which is why I am following up on tire pressure gauge unique addressability. Anonymous car presence detection is a whole 'nother thing.
>
>
>
> By the way, Dave, I'm sure you know that the WiFi MAC is the technology standard of choice for inter-vehicle communications in the Transportation departments and ministries of the world. One thing to argue for is to require MAC address randomization and periodic (every 10 minutes?) changes.
>
>
>
> Convoying in the Smart Car and Autonomous Car industries is an important design goal. That requires some kind of "addressing" but it really should be non-unique, anonymizing. That follows the standard Principle of Least Privilege in systems architecture, which every engineer of information and control systems should have at front of mind for new designs.
>
>
>
> Fortunately, nearly all users of the 802.11 protocol assume that the MAC address can dynamically change, and the hardware in the 802 standard devices all seem to support it.
>
> IPv6 actually supports (and IETF best practices encourage) randomization of the lower 64 bit half of the 128-bit address, with the upper 64 bits being the coarse grained routing mechanism, including subnetting. So one can indeed randomize at the IPv6 level for privacy, given the design that allows multiple v6 addresses per interface. You can have different "personae" in IPv6.
>
>
>
> This good-privacy-in-the-design can get broken by thoughtless engineering.
>
>
>
> That's why I spread the word.
>
>
>
>

-- 

Dave Täht
CTO, TekLibre, LLC
http://www.teklibre.com
Tel: 1-831-205-9740