Researchers from the University of California San Diego and Northeastern University conducted a study that found that wireless shifting systems in premium bicycles are vulnerable to cyberattacks. This threat could potentially negatively impact major cycling races such as the Tour de France.
According to researchers, attackers’ exploitation of vulnerabilities in gear shifting systems could give a competitive advantage to some participants in cycling races and harm other athletes. Access to the gear shift may result in gear manipulation or shift locking, which can potentially result in serious injury.
The report said the researchers worked with Shimano’s Di2 wireless shifting technology, which they called “market leading.” Experts found that it works “by deploying wireless communication links between the gear shifters that control the bike and a device that moves the chain between the sprockets, called a derailleur.” By recording and transmitting various commands, the researchers found that they could attack a wireless system from 10 meters away using “off-the-shelf devices.” They also found that it was possible to disable gear shifting on a specific bike with a targeted attack, rather than affecting all nearby bikes.
The researchers are currently working with Shimano engineers to address the identified vulnerabilities, and the company has already begun testing some of the proposed countermeasures. Shimano officials have not yet commented on this issue.