Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters

Exactly how the patch will be deployed to customers isn’t quite clear either. The company writes that “riders can perform a firmware update on the rear derailleur” using Shimano’s E-TUBE Cyclist smartphone app. But it fails to mention whether the fix will apply to the front derailleur. “More information about this process and steps riders can take to update their Di2 systems will be available shortly,” it concludes.

While Shimano’s patching plan leaves a week or two-week gap between the researchers’ public presentation of their bike-hacking technique at Usenix and the broad rollout of a fix for customers, UCSD professor Fernandes argues it’s unlikely that average riders will be targeted with their technique—at least not immediately. “I find it hard to believe that someone will want to launch such an attack on me during my Saturday group ride,” Fernandes says.

Professional cyclists, however, should be sure to implement the early patch that Shimano has already provided, the researchers say. They note, too, that other brands of wireless shifters may be vulnerable to similar hacking techniques: They focused on Shimano only because it has the largest market share.

In the ruthless world of competitive cycling, which has been rocked to its foundations in recent decades by doping scandals, they argue that rivals hacking each others’ shifters is not at all a far-fetched scenario. “This is, in our opinion, a different kind of doping,” says Fernandes. “It leaves no trace, and it allows you to cheat in the sport.”

More broadly, they argue that their radio-based bike hacking research is a cautionary tale about the temptation to add wireless electronic features to every technology, from garage doors to cars to bicycles, and the unintended consequences of that long-term trend—namely, that they’ve all become vulnerable to forms of replay and jamming attacks of the kind that Shimano is now scrambling to fix.

“This is a repeating pattern,” says Northeastern’s Ranganathan, who has also developed solutions for replay attacks on cars’ keyless entry systems. “When manufacturers start putting in wireless features in their products, it has an impact on real-world control systems. And that can cause real physical harm.”