More and more electronic components are being installed on bicycles. And not just in terms of the electric motor of the popular e-bikes. Gear shifts and even suspension are also increasingly controlled without a Bowden cable. Instead, manufacturers such as Shimano and SRAM rely on radio connections to transmit the rider’s commands for gear shifting. This is especially true for bikes used in competitive sports. However, during development, not all risks were apparently considered with a view to safety.
Signals of electronic circuits manipulated
Researchers at the University of California San Diego were able to identify a security vulnerability that allowed them to remotely access a Shimano Di2, a wireless gearshift. notice According to the report, the electronic circuit uses the ANT+ protocol, which allowed attackers to monitor their target in real time. They managed to track and send the signals from the circuit so that they could change gears without the driver’s influence. To do this, the researchers used special radio chips. Using so-called software-defined radios (SDR), they were able to take over the gear shifting processes on a specific wheel from a distance of up to ten meters.
A threat to professional cycling
In everyday life, this safety risk does not pose an immediate threat to the life and limb of the cyclist. However, the element of surprise caused by the inexplicable gear shifting process can certainly lead to dangerous situations. In cycling, however, the safety gap poses a great danger. If the leader of a cycling race’s chain moves from the easiest to the hardest gear on a climb, his lead is quickly lost. If the gear shifting processes of an entire group are manipulated ad hoc, this can lead to an increased risk of accidents and thus also to injury.
However, the security experts from the two universities have at least resolved this problem in collaboration with Shimano. The Japanese specialist for bicycle components has made a necessary update available to update its firmware. It is unclear whether other manufacturers are affected by the gap.
