Uncovering the Secrets of Tire Pressure Monitoring Systems
Yago Lizarribar
DEF CON 33 · Day 1 · Main Stage
In this DEF CON talk, Yago Lizarribar, a researcher specializing in the intersection of cybersecurity and artificial intelligence, sheds light on significant vulnerabilities within **Tire Pressure Monitoring Systems (TPMS)**. Specifically, the presentation focuses on **Direct TPMS (DTPMS)**, a safety-critical component mandatory in vehicles across the US and Europe for over a decade. Lizarribar demonstrates how these systems, designed to enhance vehicle safety by monitoring tire pressure, are fundamentally insecure due to a pervasive lack of encryption and authentication in their wireless communication protocols.
AI review
Competent, well-executed work on a legitimately underappreciated attack surface — TPMS spoofing and passive vehicle tracking via SDR. The research is real, the demos land, and the car-correlation technique using shared ID prefixes is a nice practical touch. Problem is this isn't new territory: academic papers go back to 2008, there was a DEF CON talk in 2018, and the speaker acknowledges both. The core contribution is incremental — better tooling, updated cost analysis, manufacturer-specific behavioral profiling — not a paradigm shift.