How to reinvent a bicycle hack

When you work in the cybersecurity industry for a long time, it begins to seem that it is difficult to surprise you with another hack. Baby monitor? Hacked. Car? Hacked, and repeatedly – all sorts of models. And it's not just cars: they have even reached car washes. Toy robots, pet feeders, remote controls… And what about a fish tank? That happened too.

But what about bicycles? Well, they haven’t been hacked yet — until recently. In mid-August 2024, researchers published a paper describing a successful cyberattack on a bicycle. More specifically, on a wireless gear shifting system on a bicycle with Shimano Di2 technology.

Electronic Shifters: Shimano Di2 and More

It is worth making a few clarifications for those who are not very knowledgeable about bicycles and the latest trends in bicycle technology. Let's start with the fact that the Japanese company Shimano is the world's largest manufacturer of key components for bicycles, such as transmissions, braking systems, and so on. Shimano specializes first and foremost in traditional mechanical equipment, but for quite a long time – since 2001 – the company has been experimenting with the transition to electronics.

Classic gear shifting systems on bicycles relied

Electronic systems do not have this physical connection: the shifter sends a command to the derailleur, which changes gears using a small electric motor.

Electronic gear shifting systems in bicycles can also be wired – in this case, instead of a cable, a wire is stretched between the shifter and the derailleur, through which commands are transmitted. But recently, it has become fashionable to use wireless systems, in which the shifter sends commands to the derailleur in the form of a radio signal.

At the moment, Shimano Di2 electronic gear shifting systems dominate the more expensive and professional part of the Japanese company's product line. The same is happening in the model ranges of the manufacturer's main competitors – the American SRAM (which introduced wireless gear shifters first) and the Italian Campagnolo.

In other words, a significant portion of high-end road, gravel, and mountain bikes have been equipped with electronic shifters for some time now, and increasingly these are wireless systems.


Shimano Di2 Wireless Electronic Gear Shifting System Schematic

In the case of Shimano Di2, the wireless system isn't really that wireless. There are still quite a few wires inside the bike frame: A and B are the wires from the battery to the front and rear derailleurs, respectively. Source

The transition from mechanics to electronics seems justified. Among the advantages of electronic systems are speed, precision and ease of gear shifting. But the rejection of wires looks like innovation for the sake of innovation – the practical advantages for the cyclist are not very clear. At the same time, the system becomes much more complex and "smarter", which can lead to unexpected troubles. And now it's time to move on to the main topic of this post – hacking bicycles.

Safety Study on Shimano Di2 Wireless Shifting System

A team of researchers from Northeastern University and the University of California, San Diego, conducted a safety analysis of the Shimano Di2 system. The specific models that the researchers looked at were the Shimano 105 Di2 (for mid-priced road bikes) and the Shimano DURA-ACE Di2 (the top of the line model, aimed at professional cyclists).

Both systems are identical in terms of communication capabilities. They use Bluetooth LE to communicate with the smartphone app and the ANT+ protocol to connect bike computers. However, the most important thing – that is, communication between the shifters and derailleurs – is done using Shimano's own protocol on a fixed frequency of 2.478 GHz.

And the derailleur, in turn, can acknowledge the command to the shifter – if this acknowledgement is not received, the command will be sent again. All these commands are encrypted, and the encryption key, apparently, is unique for each paired set of shifters and derailleurs. Everything seems fine, except for one thing: the transmitted packets contain neither a timestamp nor one-time codes.

As a result, for each specific combination of shifters and derailleurs, the commands are always the same, which makes the system vulnerable to a replay attack. That is, it turns out that the attacker does not need to decrypt the transmitted messages at all – he can intercept the encrypted commands and then use them to change gears on the victim’s bike.
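The weakness described above, next to the usual countermeasure, as an added example that is not code from the paper or from Shimano. HMAC stands in for the proprietary encrypted encoding, and the key, command names and packet layout are constructed assumptions.

```python
import hashlib
import hmac
import struct

PAIRING_KEY = b"constructed-demo-key"   # constructed; stands in for the per-pair key
COMMANDS = (b"UP", b"DOWN")             # hypothetical command names


def keyed_tag(key, data):
    # HMAC-SHA256 truncated to 8 bytes stands in for the vendor's keyed encoding.
    return hmac.new(key, data, hashlib.sha256).digest()[:8]


class StaticReceiver:
    """Models the weakness: a packet depends only on the key and the command."""

    def __init__(self, key):
        self.valid = {keyed_tag(key, c): c for c in COMMANDS}

    def receive(self, packet):
        return self.valid.get(packet)       # the same bytes are accepted every time


def counter_packet(key, command, counter):
    body = struct.pack(">I", counter) + command
    return body + keyed_tag(key, body)


class CounterReceiver:
    """Mitigation: an authenticated, strictly increasing counter in each packet."""

    def __init__(self, key):
        self.key, self.last = key, 0

    def receive(self, packet):
        body, tag = packet[:-8], packet[-8:]
        if len(packet) < 13 or not hmac.compare_digest(tag, keyed_tag(self.key, body)):
            return None                     # forged or corrupted packet
        counter = struct.unpack(">I", body[:4])[0]
        if counter <= self.last:
            return None                     # replayed or stale packet
        self.last = counter
        return body[4:]


def demo():
    recorded = keyed_tag(PAIRING_KEY, b"UP")    # bytes seen on air, never decrypted
    weak, strong = StaticReceiver(PAIRING_KEY), CounterReceiver(PAIRING_KEY)
    fresh = counter_packet(PAIRING_KEY, b"UP", 1)
    return (weak.receive(recorded), weak.receive(recorded),
            strong.receive(fresh), strong.receive(fresh))
```

The static receiver acts on the recorded packet both times, while the counter-based receiver accepts the fresh packet once and drops its repeat.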

Using a software-defined radio (SDR), the researchers were able to successfully intercept and reproduce commands for the derailleurs, thereby gaining control over gear shifting. Moreover, the effective attack range, even without any modifications to the equipment, without the use of amplifiers and directional antennas, was 10 meters – quite sufficient for practical use.

What is the danger of attacking Shimano Di2

As the researchers note, professional cycling is a very competitive sport. Cheating, especially the use of illegal drugs, is not unheard of. Exploiting vulnerabilities in the equipment of an opponent’s bike in this sense can be comparable in effectiveness. Therefore, such a cyber attack in relation to professional cycling looks quite realistic.

The equipment used for the attack can be miniaturized and hidden on the dishonest athlete himself, on the support vehicle, say, or installed permanently somewhere on the track. At the same time, the sending of commands can be remotely controlled by the support group.

A well-timed command from the attacker to change gears – for example, upshifting before a climb – can seriously affect the victim's performance. Attacks on the front derailleur, which changes gear more abruptly, can be especially dangerous – in this case, the attacker can stop the athlete. In particularly unfortunate circumstances, an unexpected and abrupt gear change can cause the chain to come off or even be damaged.

Shimano Di2 Wireless Shifter Attack Schematic

Vulnerabilities discovered in Shimano Di2 allow an attacker to remotely control gear shifting on a bike or conduct. Source

In addition to the attacker suddenly changing gears for the cyclist, the researchers also looked into what they call "targeted jamming" of the communications between the shifters and derailleurs. The idea is to constantly send repeating commands to the victim's bike at a certain frequency. In this case, the derailleur reaches, for example, the top gear and stays there, no longer responding to real commands from the shifter. This is a DoS attack on the bike's gear shifting system.

What follows from all this

The authors of the paper note that they chose Shimano equipment as a subject of analysis simply because the company occupies the largest market share. They did not study wireless systems of Shimano's competitors – SRAM and Campagnolo – but admit that they, too, may well be vulnerable to such attacks.

The researchers reported the vulnerability to Shimano. The manufacturer apparently took it seriously and has already developed an update, although at the time of writing it was only sent to professional teams. Shimano promises to make the update available to the general public later. The bike can be updated via the E-TUBE PROJECT Cyclist app.

The risk of exploitation for casual, non-professional cyclists is negligible. However, if you ride a bike with Shimano Di2 technology in its wireless form, it would be a good idea to install the update when it becomes available.
