MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles

Authors: 

Maryam Motallebighomi, Northeastern University; Earlence Fernandes, UC San Diego; Aanjhan Ranganathan, Northeastern University

Abstract: 

The bicycle industry is increasingly adopting wireless gear-shifting technology for its advantages in performance and design. In this paper, we explore the security of these systems, focusing on Shimano's Di2 technology, a market leader in the space. Through a black-box analysis of Shimano's proprietary wireless protocol, we uncovered the following critical vulnerabilities: (1) a lack of mechanisms to prevent replay attacks, which allows an attacker to capture and retransmit gear-shifting commands; (2) susceptibility to targeted jamming, which allows an attacker to disable shifting on a specific target bike; and (3) information leakage resulting from the use of ANT+ communication, which allows an attacker to inspect telemetry from a target bike. Exploiting these, we conduct successful record-and-replay attacks that lead to unintended gear shifting that can be completely controlled by an attacker without the need for any cryptographic keys. Our experimental results show that we can perform replay attacks from up to 10 meters using software-defined radios without any amplifiers. The recorded packets can be used at any future time as long as the bike components remain paired. We also demonstrate the feasibility of targeted jamming attacks that disable gear shifting for a specific bike, meaning they are finely tuned to not affect neighboring systems. Finally, we propose countermeasures and discuss their broader implications with the goal of improving wireless communication security in cycling equipment.

BibTeX
@inproceedings {298963,
author = {Maryam Motallebighomi and Earlence Fernandes and Aanjhan Ranganathan},
title = {{MakeShift}: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles},
booktitle = {18th USENIX WOOT Conference on Offensive Technologies (WOOT 24)},
year = {2024},
isbn = {978-1-939133-43-4},
address = {Philadelphia, PA},
pages = {75--88},
url = {https://www.usenix.org/conference/woot24/presentation/motallebighomi},
publisher = {USENIX Association},
month = aug
}