Tire pressure monitoring systems (TPMS) provide critical safety telemetry, alerting drivers to dangerous tire conditions before they cause accidents. However, the wireless signals that enable this safety feature also broadcast data that can be intercepted by third parties, introducing unintended privacy risks.
Evaluating telemetry signals
A recent security assessment conducted by researchers from universities in Spain and Luxembourg evaluated the information exposed by these systems. Using standard spectrum receivers costing approximately $100 each, the research team monitored TPMS transmissions along a public road. Over a 10-week period, they recorded over six million transmissions from roughly 20,000 passing vehicles. By analyzing this data, the team successfully correlated signals including individual tires and track the movement patterns of 12 specific test vehicles.
The documented findings indicate that TPMS telemetry can reveal potentially sensitive information, including a vehicle's presence, type and general driving patterns. Because TPMS sensors have been mandated in the United States since 2007, this exposure affects a broad portion of the modern vehicle fleet. The sensors transmit data automatically at regular intervals whenever a vehicle is in motion. They communicate wirelessly with the vehicle's onboard computer or dedicated TPMS controller without requiring pairing or authentication, and they cannot be disabled without compromising the safety function they provide.
Cleartext transmissions and unique identifiers
The core security gap lies in the transmission protocol: TPMS data is broadcast over the air in clear text. When a sensor transmits a pressure reading, it includes a static, unique identifier that allows the vehicle's control module to distinguish its own tires from those of nearby vehicles. This identifier remains unchanged throughout the tire's operational lifespan. Because the communication lacks encryption, anyone operating a compatible receiver can capture these identifiers including outside the vehicle.
Prior security evaluations suggested these signals were limited and a 40-meter range. However, this recent study demonstrated that data capture is reliable at distances up to 50 meters, even when the receiving equipment is placed inside a building without nearby windows.
These findings contribute to a growing body of research detailing how modern vehicles can operate as unintended platforms for privacy exposure and unauthorized access. Modern cars contain numerous components—such as keyless entry fobs, in-car entertainment systems, and connected diagnostic ports—that emit signals capable of being intercepted and analyzed in ways equipment manufacturers never intended.
Addressing these exposures requires adopting secure-by-design principles across the automotive supply chain. By ensuring that future telemetry systems incorporate standard encryption and authentication, manufacturers can protect driver privacy without interfering with essential vehicle safety operations.