IoT Security Researchers Uncover Method to Track Cars via Tire Sensors Using low-cost receivers deployed along roads, academic researchers tracked drivers and their movement patterns. By Ionut Arghire | March 3, 2026 (4:40 AM ET) Flipboard Reddit Whatsapp Whatsapp Email Data transmissions from tire pressure sensors can be captured using low-cost equipment placed along roads to track drivers, academic researchers have demonstrated. The Tire Pressure Monitoring System (TPMS), which is now mandatory in vehicles worldwide for improved safety and maintenance, transmits a unique identifier in clear text, exposing the transmissions to eavesdropping and potential tracking. Academics from Spain, Switzerland, and Luxembourg have published a research paper (PDF) on how low-cost receivers can be used to capture these unencrypted passive transmissions to infer car movement patterns. They deployed five receivers that, for 10 weeks, captured over 6 million TPMS messages from approximately 20,000 vehicles. Because the unique identifier transmitted by the TPMS does not change throughout the life of the tire, the researchers were able to match the signals to cars and track a set of verified cars. “Our results show that TPMS transmissions can be used to systematically infer potentially sensitive information such as the presence, type, weight, or driving pattern of the driver,” the academics note. Advertisement. Scroll to continue reading. Easily deployable, each receiver costs roughly $100, making the tracking system rather affordable and demonstrating that car makers should reconsider the use of plain text wireless transmission, the researchers explain. “TPMS transmissions are sent without any encryption or secure mechanisms and include a unique identifier. This allows anyone with affordable equipment like a low-cost spectrum receiver and a standard off-the-shelf antenna to capture and track them throughout time and space,” the academics say. The researchers argue that attackers could deploy such receivers at scale for mass tracking of drivers. Attackers could combine the passive tracking with active spoofing of sensor signals, sending fake flat tire alerts to trucks to force stops and hijack their cargo , the academics note. According to the researchers, an attacker could also link TPMS sensors with a specific person of interest, for targeted tracking using publicly available software-defined radios. “Attackers can use this information to learn, predict, and exploit a person’s movements, points of interest, and behavior patterns,” they note. Related: Old Attack, New Speed: Researchers Optimize Page Cache Exploits Related: WhisperPair Attack Leaves Millions of Audio Accessories Open to Hijacking Related: ‘ZombieAgent’ Attack Let Researchers Take Over ChatGPT Related: Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking Written By Ionut Arghire Ionut Arghire is an international correspondent for SecurityWeek. More from Ionut Arghire Hackers Weaponize Claude Code in Mexican Government Cyberattack Canadian Tire Data Breach Impacts 38 Million Accounts 38 Million Allegedly Impacted by ManoMano Data Breach 900 Sangoma FreePBX Instances Infected With Web Shells Aeternum Botnet Loader Employs Polygon Blockchain C&C to Boost Resilience Gambit Security Emerges From Stealth With $61 Million in Funding Zyxel Patches Critical Vulnerability in Many Device Models US Sanctions Russian Exploit Broker Operation Zero Latest News Vulnerability Allowed Hijacking Chrome’s Gemini Live AI Assistant OpenClaw Vulnerability Allowed Websites to Hijack AI Agents Madison Square Garden Data Breach Confirmed Months After Hacker Attack Nick Andersen Appointed Acting Director of CISA AWS Expands Security Hub Into a Cross-Domain Security Platform North Korean APT Targets Air-Gapped Systems in Recent Campaign Google Working Towards Quantum-Safe Chrome HTTPS Certificates US-Israel and Iran Trade Cyberattacks: Pro-West Hacks Cause Disruption as Tehran Retaliates Trending Daily Briefing Newsletter Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts. Webinar: Identity Under Attack: Why Every Business Must Respond Now February 11, 2026 Attendees will walk away with guidance for how to build robust identity defenses, unify them under a consistent security model, and ensure business operations move quickly without compromise. Register Virtual Event: Ransomware Resilience & Recovery 2026 Summit February 25, 2026 SecurityWeek’s 2026 Ransomware Summit will discuss a roadmap for defending the enterprise, from mitigating root causes to mastering recovery, giving security teams the critical insights needed to navigate and neutralize today’s ransomware extortion threats. Submit People on the Move Nick Andersen has been appointed Acting Director of CISA after the departure of Madhu Gottumukkala. Predictive revenue system company Clari + Salesloft has named Peter Liebert as CISO. Nscale has appointed Latha Maripuri as Chief Information Security Officer. More People On The Move Expert Insights Four Risks Boards Cannot Treat as Background Noise The goal isn’t about preventing every attack but about keeping the business running when attacks succeed. (Steve Durbin) How to Eliminate the Technical Debt of Insecure AI-Assisted Software Development Developers must view AI as a collaborator to be closely monitored, rather than an autonomous entity to be unleashed. Without such a mindset, crippling tech debt is inevitable. (Matias Madou) Security in the Dark: Recognizing the Signs of Hidden Information Security failures don’t always start with attackers, sometimes they start with missing truth. (Joshua Goldfarb) Living off the AI: The Next Evolution of Attacker Tradecraft Living off the AI isn’t a hypothetical but a natural continuation of the tradecraft we’ve all been defending against, now mapped onto assistants, agents, and MCP. (Etay Maor) Why We Can’t Let AI Take the Wheel of Cyber Defense The fastest way to squander the promise of AI is to mistake automation for assurance, and novelty for resilience. (Steve Durbin) Flipboard Reddit Whatsapp Whatsapp Email