Wireless shifting vulnerable to jamming / interference

There isn’t. We are at the mercy of companies that manufacture products that we depend on, and they SHOULD be a hell of a lot more secure than they are! Sure, though, some of the issues aren’t ‘security’ as much as just unfortunate ‘stuff happens’ things. If they use the 2.4ghz band, it’s a flooded river of crap. So much garbage that just clogs up the river if it gets out of control. Heck, a microwave oven was killing my ANT+ connections. Some businesses used high power light fixtures that put out so many harmonics they even stomp on wired ethernet signals.

But ‘security’ should be way more important than it is generally out in this ‘high tech world’ we live in.

Do I worry about security? No. Am I paranoid? Hah, no… I do however limit my ‘surface area’ as much as I can. I don’t bank online, use Apple iCloud’s ‘hide my email’ service as much as I can, have an insane wifi password, don’t reuse passwords. But could someone hack my Di2? Sure. Could someone unlock my car with a ‘black box’ bought on the internet? Yep. Could someone clone my cellphone? Sure, but they would be bored. Could someone hack my security camera system? Well, it would be harder as it’s not wifi based.

My point has been that those things shouldn’t be possible if the corporations took security a lot more seriously than they do. (a few years ago there were bills in Congress to hold corporations that had data leaks criminally responsible for them happening, and supposedly would increase the fines and penalties if it was found out that something was not properly configured that caused it. It was ‘killed in committee’. It died in darkness, and most people don’t have a clue that the US Congress decided to do nothing, less than nothing)

Security HAS to be taken seriously across the industry, bikes, cars, planes, cellphones, websites, routers, firewalls, etc, etc, etc…

Until it doesn’t. There are things in the works to add more frequencies for ‘consumer goods’. Who knows how long it will be before that happens, and then how long it will take for industry to change/upgrade their equipment to take advantage of it. But the 2.4Ghz band will be a hot mess for years, and it’ll only get worse.

But whatever… Security will be taken as seriously as the fines and penalties for not doing it, and public use frequencies will just get worse over time.

Hopefully the additional freqs come soon, and industry start using them, and they also take security far more seriously. (And pigs could fly)

But watch DEFCON videos. It’s a crazy world out there… They actually hack elevators! That would be interesting… (Are the elevators at the Manhattan Marriott Marquis working well yet?)

https://m.slashdot.org/story/431980

Ignore the comments. It’s the internet remember.

Perhaps I don’t quite understand what’s meant by “I don’t worry about security”, but I assume one would avoid banking online and hide email if they’re worried about security. I absolutely am worried about security, and everyone else should be too.

As for paranoia, I’d say not banking online is crossing that imaginary line, but if it makes you feel more secure then by all means. I’d rather spend my time riding than going to the bank though.

That’s a curious viewpoint as SIM cloning is a serious issue with massive consequences, but I have no clue how/what your phone is tied to or used for.

Shouldn’t be easy; no matter what, breaches will be possible. We are humans after all.

And yet despite your dark predictions, wireless shifting continues to work. I’m still waiting on signal interference to cause my shifting to stop or misbehave, despite being in near proximity to hundreds and thousands of riders, each of which is running 1-5 ANT+/BT devices. Imagine a large mass-start race like Unbound, if wireless shifting was as prone to interference issues as you claim

Wires are only a problem if you’ve failed to set your bike up properly. There really isn’t a fundamental need for wireless on road bikes.

Next up: there is no fundamental need for electronic shifting.

I’m being facetious, but the arguments remind me of the shift to disc brakes, wider tires and the like.

Is the old di2 fully wired electronic shifting? I’ve never used it and dont know much about it, but doesn’t it still use ant+?

I’m worried about security just not bike wireless shifting security.

I’m not saying shimano and sram shouldn’t have it on their list to address but maybe not their top priority.

Flawlessly not

At this moment in time just about anything electronic that has communication built in can be hacked. However it usually takes some time and effort and for most people it’s of no benefit. There will always be bad actors. The good guys will always keep putting out updates to block know hacks.
There are more important things for me to do in life besides worry. As I sometimes say Schite happens.

I’ve provided one example of where wires are in fact a problem, regardless of how well they’re set up. Corded telephones work perfectly fine so long as you set them up properly, until someone trips on the cord.

Yes!! I was on the FB Peloton group, and the rants about apartment dwellers having MAJOR issues running anything ‘wireless’ for their workouts was fairly constant. HRM straps being one of the most problematic due to the interference and just hot mess in their building. One person commented somewhat tongue in cheek I hope that the poster needed to ‘turn their apartment into a Faraday cage’ to block the noise from swamping their workouts. That kind of problem is going to be hard to fix, short of doing some kind of damping field, plus in an apartment with a lot of people working out in their apartments, making sure you have your HRM, or other sensors could be interesting. Occasionally people would post comments on finding they were using someone elses sensor, especially when they are setting up a new sensor or after a Peloton wipe.

This goes back to my rant when I ran a computer company, big box stores tend to project wifi to their customers as being like ‘Magic’, fixing a of their issues and causing the sun to come out and birds to sing. The problem with that ignorant attitude is that many times It’s Not Magic! Wifi is NOT a one size fixes all solution, and it goes to most radio based communications. People would be sold range extenders where they have almost no signal to extend. But I’m off topic.

Okay…

And my comment you refer to wasn’t even about any of your comments. Flooded, and poorly placed frequencies have plagued consumer devices on some level for years. Adding different frequency bands moves the communications to a different ‘road’, and could mean a more resilient connection, and the ability to have wider bandwidth to support faster connections raising the amount of data that can be sent/received. I look forward to the possibility of having a more resilient ANT+ connection. As a result of the problems I’ve had, I’ve turned ANT+ off.

And to get this back to the title: Jamming and interference could be a huge issue as it would be easier to pull off, and would effect anyone using the effected technology. ‘Hacking’ would be a targeted attack on a specific user through a flaw in the technology they use.

The sad part is the answer to 'can all jamming and interference attacks be defended against?" is no. The one good thing is that a rider with wireless shifting is only effected if they need to shift. Like people that realize their battery is dead only find out when they need to shift. A SDR (software defined radio) or some other battery powered device could be in a backpack, or a tote bag, and technology could make them even smaller.

Hacking would be generally a little more noticeable, potentially, and would be also harder to recognize as a threat to the peloton as it would only effect one rider, unless there are multiple attacks from the same, or additional devices. Could ‘hacking’ be defended against? If security is strong, yes. The problem is if security is strong, and interrupting the event is the goal, a simpler jamming attack would be far easier, and far more effective, and as I said, far harder to defend against if the peloton is switched completely to wireless shifting. Put near the base (or top) of a huge climb, the event is over until the jamming stops. No shifting at all…

For hacking, a bike swap would solve it (perhaps temporarily) but wouldn’t solve a jamming issue unless the swap bike isn’t wireless. (Would they stock wired Di2 in case that happens? Sounds paranoid, but if wireless shows to be too unreliable I could see that happening. So why go wireless? Your sponsor’s newest doodad has to be marketed, and they are paying you to do that. shrug It’ll be interesting, the day someone pulls off an effective jamming campaign.

And I’m done with this thread.

Like most things, wireless shifting has a risk/benefit tradeoff. For me, the risk of jamming/hacking effecting my ride or race is very small and the risk is more than acceptable when weighed against the benefits of wireless (for me). Others may measure the risk/benefit differently and they can choose to go wired or mechanical if the risk of wireless is too high. My personal experience after many miles on multiple bikes in all kinds of conditions is that wireless is more reliable than wired. And both are more reliable than mechanical. A rash of proven jamming/hacking events might change my opinion on that, but it’s definitely not a scenario I’m going to lose sleep over.

If SRAM offered a “super secure” option of their drivetrain that was 100% jam/hack proof for $50 more, I’d pick the one that isn’t secure and save the $50. If I were running product management at Shimano or SRAM, I’d do the easy and low hanging stuff to make the product somewhat secure, but I wouldn’t be spending the resources to go further. Nothing is ever 100% secure anyway the $ spent on trying to make wireless shifting more secure (beyond the basics) would be better spent elsewhere to make the product better (in my opinion). It’s a very different discussion for a life-dependent medical device, you have to right size the investment in security with the risk/impact of a failure. Sure, a public breach at something like the TDF would be painful and affect brand confidence and sales, but again I personally consider it low risk and I’d take my chances and deal with the fallout (probably get fired) if it happened.

This.

Balancing usability and security is hard, and making a product very secure likely makes it less easy to use. I used to work in the R&D department for a leading supplier in the semiconductor industry. During my time there, we were constantly fighting with IT, because they put us in such a tight straitjacket that we literally couldn’t do our jobs. We understood their motivation, and at least I feel they did not understand how we worked and struck the wrong balance as a consequence.

I’ve literally been using wireless since the first-gen AirPorts (the first cheap mass market wifi base station). Yes, interference is a thing, especially powerful emitters such as microwaves. If I put my iPhone on the opposite end of the room and stand in front of the microwave, my Bluetooth connection is intermittent.

Still, wireless technologies are very mature at this point, which does not mean flawless or always working. No technology ever is.

That’s what we need. More rules.

Every law can be challenged in court, especially new ones since legal precedent hasn’t yet been established. That takes years, and the tech industry has always managed to outpace the judicial system.

One could make a similar argument about wired electronic shifting vs. mechanical.

And disc brakes vs caliper.

And suspension on mountain bikes vs rigid.

And bikes vs feet.

And legislation that would have done just what I said was killed in Congress. Why? Ask the political party that killed it. As I remember, it was a ‘party line vote’.

And why shoes, or underwear, or medicine, or…

My college logic professor would have a fit…

Wireless is the next progression from wired networks. Not all wireless is so exposed, yet all wireless is susceptible to interference and ‘blocking’. But leaving users able to be hacked easily is a problem for people that want to hack just because they can. People think hackers are looking for something of value, but just being in a system is enough for many of them. They hack for bragging rights, it’s the state sponsored hackers that are looking for information, money, secrets, power…

Perhaps it’s the cycling teams that can’t win by any other means that attacking rivals?

Which bill was that? I’m interested in the nuance of the requirements.
EDIT: All I can find was a bill about federal government cybersecurity issues.

100%. It could indeed be an issue for the pros (isn’t that how a 39 year old Cavendish won that final TDF sprint? ) But for the average user, can’t see any downside, other than crazy pricing.

Yeah, would someone want to hack my Di2? The first question is always ‘Why?’.

But the obvious draw would be to disrupt an active world class bike race. Yeah, but hacking individual bikes would be more involved than just disrupting the entire range of electronic shifting bikes. That does open the idea of race/tour organizers actually monitoring the transmissions and bandwidth around those events and issuing alerts when the level of ‘noise’ rises to the level of being a problem.

So, would I want wireless Di2? Hah, from a cost basis, heck no. Am a (are we) susceptible to an attack, using wired Di2? It seems that it would be more involved. Setting up passwords might help. Wireless SRAM or Di2? You can never say never that it might be attacked. (I just replaced out firewall because the unit we were using has a vulnerability. Do I do anything that would attract attention? Just being here, just being seen is enough. (I was always humored at the number of attacks our business firewall got in X-mas morning and the weeks after from all the kids that got a 'puter and were sure they would be the next 'World Super Hacker, All Fear My Power! But the little weasels occasionally DO get in!!