New academic research suggests that the tire sensors installed in most modern vehicles may be unintentionally transmitting identifiable wireless signals, creating significant privacy implications for drivers.
A cybersecurity investigation conducted by the IMDEA Networks Institute has identified an unexpected vulnerability within a system most drivers rarely think about.
Tire Pressure Monitoring Systems (TPMS), mandated in many markets and intended solely to reduce accidents caused by underinflated tires, may also function as continuous wireless identifiers.
During a ten-week real-world study, researchers placed inexpensive radio receivers near roads and parking lots. Over that period, they intercepted more than six million TPMS transmissions originating from upwards of 20,000 vehicles.
Each sensor embedded within a tire repeatedly emits a wireless signal containing a fixed, unique identification code. Crucially, these broadcasts are not encrypted.
Unlike optical tracking technologies such as cameras or automated license plate readers, TPMS signals do not require direct visual access. The radio transmissions can pass through walls, parked cars, and other physical barriers.
With equipment costing approximately $100, an individual could repeatedly detect and re-identify the same vehicle, gradually assembling a movement profile without the driver’s knowledge or consent.
The broader concern lies in scalability. Lead researcher Domenico Giustiniano indicated that distributed networks of discreet receivers could be deployed across urban environments to observe vehicle routines at scale.
By correlating the identifiers transmitted from all four tires, researchers enhanced recognition accuracy, enabling them to infer patterns such as when a vehicle returned home, departed for work, or adhered to consistent daily schedules.
Signals were successfully captured from distances exceeding 50 meters, including instances where vehicles were in motion or parked indoors.
Beyond identification, the transmitted tire pressure information itself may reveal indirect clues. Variations in pressure readings can suggest vehicle category or load weight, potentially exposing commercial transport activity or travel habits.
Unlike telematics systems or GPS tracking services that users consciously activate, TPMS-based monitoring occurs entirely in the background. Drivers receive no notification that their vehicle is broadcasting persistent identifiers.
There are no consent prompts, configuration options, or opt-out features. Existing automotive cybersecurity regulations do not specifically require encryption of tire sensor communications, leaving a substantial portion of the global vehicle fleet exposed to passive signal collection.
The implications extend beyond tire sensors. The findings align with a larger trajectory in the automotive sector: vehicles are increasingly functioning as data-generating platforms.
Modern cars routinely collect behavioral and operational information through cabin sensors, mobile integrations, cloud-linked telematics, and embedded connectivity modules.
High-profile legal disputes involving allegations of unauthorized tracking demonstrate the growing commercial and regulatory tension surrounding vehicle data.
Many features marketed as safety or convenience enhancements rely on continuous information exchange. Road condition detection systems, connected electric vehicle platforms, and globally networked automotive ecosystems all depend on persistent data transmission.
The IMDEA researchers emphasize that TPMS represents a particularly concerning case because it operates outside public awareness and regulatory scrutiny.
As automotive connectivity continues to expand, manufacturers and regulators face a structural challenge. Systems engineered to enhance safety and performance must not inadvertently evolve into tools that enable silent monitoring.
The research underscores the need for updated cybersecurity standards that address not only intentional data collection but also unintended broadcast vulnerabilities embedded within essential safety technologies.
