It's a Sunday and many friends sent me this paper by Maryam Motallebighomi and Aanjhan Ranganathan delving deep into their security assessment of Shimano's Di2 wireless shifting architecture and hardware.
Needless to say, with the football on, I delved deep into understanding it a bit more
1: Replay Attacks - let me change gear for you
2: Targeted Jamming - now you can't change gear
3: Information Leakage - gear selection leakage (meh dude, I can SEE this)
Ok they are meh bugs
The researchers were able to execute replay attacks from a distance of up to 10 metres using software-defined radios without amplifiers
They note that beyond this distance the signal falls outside the effective range
But first, it's maths time (notice the s, very important)
Pro pelotons average 45km/h, and if this 10 meter baseline is important,
45 km/h = 45 × 1000 m / 3600 s = 12.5 m/s
So, it takes 0.8 seconds to cover 10 meters at a speed of 45 km/h.
If you've ever watched a race before, you might struggle to move at that speed whilst carrying an SDR, launching the attack to capture the change (again, you need to have the rider DO the change to capture) and then replay it to drop gear
It's just not feasible imho & that's from someone who rides. In a lab, sure and yes there are things like rolling codes or even better PSK approaches but maintenance and other elements come into play here.
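To make the replay point concrete, here is an added toy example (my own, not Shimano's Di2 protocol and not code from the paper) of why a static shift frame can be captured once and replayed, and how the rolling-code style fix mentioned above works: every frame carries a monotonically increasing counter and a keyed MAC, so a frame recorded earlier is rejected, and a bounded acceptance window tolerates missed frames without letting old ones back in. The key, frame layout, window size and command names are all constructed assumptions.

```python
import hmac
import hashlib

# Constructed pairing key (assumption: shared between shifter and derailleur at
# pairing time). Nothing here is Shimano's real key material or frame format.
KEY = b"constructed-pairing-key-0123456789"

TAG_LEN = 8      # truncated HMAC-SHA256 tag appended to each frame
COUNTER_LEN = 4  # big-endian monotonic counter at the start of each frame


def build_frame(key: bytes, counter: int, command: str) -> bytes:
    """Shifter side: counter || command || MAC(key, counter || command)."""
    body = counter.to_bytes(COUNTER_LEN, "big") + command.encode()
    tag = hmac.new(key, body, hashlib.sha256).digest()[:TAG_LEN]
    return body + tag


def naive_accept(frame: bytes) -> str:
    """A static, unauthenticated link: whatever arrives is executed.
    A recorded frame replayed later is indistinguishable from a fresh one."""
    return frame.decode()


class RollingReceiver:
    """Derailleur side: accepts a frame only if its MAC verifies and its
    counter is newer than the last accepted one (within a small window)."""

    def __init__(self, key: bytes, window: int = 16):
        self.key = key
        self.last = 0          # highest counter accepted so far
        self.window = window   # how many lost frames we tolerate

    def accept(self, frame: bytes):
        if len(frame) < COUNTER_LEN + TAG_LEN:
            return None
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None                      # forged or corrupted frame
        counter = int.from_bytes(body[:COUNTER_LEN], "big")
        if counter <= self.last:
            return None                      # replayed (or reordered) frame
        if counter > self.last + self.window:
            return None                      # too far ahead: resync needed
        self.last = counter
        return body[COUNTER_LEN:].decode()


def demo() -> dict:
    """Replay scenario: capture one 'UP' shift, then play it back later."""
    rx = RollingReceiver(KEY)
    captured = build_frame(KEY, 1, "UP")          # the frame an SDR would record
    first = rx.accept(captured)                   # genuine shift: accepted
    replayed = rx.accept(captured)                # same bytes again: rejected
    tampered = captured[:-TAG_LEN - 1] + b"X" + captured[-TAG_LEN:]
    forged = rx.accept(tampered)                  # modified command: MAC fails
    later = rx.accept(build_frame(KEY, 2, "DOWN"))  # next genuine shift: fine
    stale = rx.accept(build_frame(KEY, 100, "UP"))  # outside window: rejected
    # The naive link happily executes the replayed frame.
    naive_replay = naive_accept(b"UP")
    return {
        "first": first, "replayed": replayed, "forged": forged,
        "later": later, "stale": stale, "naive_replay": naive_replay,
    }


if __name__ == "__main__":
    for k, v in demo().items():
        print(f"{k:13s} -> {v!r}")
```

The window is the maintenance trade-off the thread alludes to: too small and a few dropped frames lock the rider out until re-pairing, too large and an attacker gets more room to hold captured frames, which is why a counter and key have to be managed rather than bolted on.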
Then right at the end they did the clanger, you called it what?
I do appreciate the depth of research here but come on brothers, this isn't that at all.
Anyway full paper can be found at usenix.org/system/files/w…
Academia come outside, it's fun sometimes and you forget the two-column approach very quickly too.