TPMS: Low-Cost Receivers Enable Vehicle Tracking
Context and Chronology
An academic team showed that tire telemetry emits stable identifiers that can be captured by simple radio kits, enabling location linkage over time. Deploying five receivers for ten weeks, the researchers recorded over 6,000,000 messages tied to roughly 20,000 vehicles, with each node costing about $100. The setup used passive collection; no invasive hardware or complex exploits were necessary, demonstrating operational ease at street scale. This elevates what was treated as maintenance telemetry into an actionable privacy vector.
The practical consequences include persistent location profiles and the ability to correlate telemetry with known persons or assets. The researchers warn that combining passive capture with active signal injection could force stops or manipulate vehicle responses; attackers could thus amplify a tracking campaign into targeted interdiction. Dr. lead researcher frames the result as a bridge between low-cost radio tools and physical-world surveillance, showing how low-friction deployments can map movement patterns. Those patterns reveal dwell points, routes, and behavioral fingerprints that extend beyond mere presence data.
Mitigation options are technical and policy-driven: rolling identifiers, on-sensor cryptography, or protocol redesign would raise cost and complexity for attackers but require OEM coordination and regulatory pressure. Regulators and highway operators now face a binary trade-off between incremental firmware fixes and full protocol replacement, each with distinct supply-chain impact. For those who want to inspect the paper, the study is available at the project PDF. Industry players must decide rapidly: accept an exploitable telemetry regime, or invest to break the economics of cheap interception.
Read Our Expert Analysis
Create an account or login for free to unlock our expert analysis and key takeaways for this development.
By continuing, you agree to receive marketing communications and our weekly newsletter. You can opt-out at any time.
Recommended for you
Automakers selling driver telemetry to insurers fuels privacy and pricing fights
A driver discovered his braking event reached an insurer via his vehicle maker’s telemetry, sparking a lawsuit and renewed scrutiny of data sales. Regulators and consumer groups warn that widespread collection—affecting roughly nine in ten new cars—has real price and consent implications.
Russian reconnaissance satellites shadow European geostationary communications
Two Russian spacecraft have repeatedly loitered near European and NATO-aligned geostationary communications satellites to map antenna pointing, ground terminal locations and traffic timing — while one of the inspector platforms fragmented after being moved to a disposal trajectory. That technical reconnaissance not only raises collision and debris hazards in GEO but also amplifies asymmetric risks by making it easier to target or exploit commercial satellite links, including their potential misuse to steer guided munitions.
ZeroDayRAT: Commercial spyware kit offers comprehensive remote control of Android and iOS devices
A commercially marketed spyware package circulating on Telegram equips buyers to fully surveil and control infected Android and iOS phones, combining continuous credential and clipboard theft with persistent device monitoring. Researchers warn operators also adopt resilient distribution tactics—including droppers, mirrored hosting and abuse of public repositories—that speed payload rotation and complicate takedown.
AirSnitch: wireless client‑isolation exploit threatens routers
New research named AirSnitch demonstrates a cross‑layer Wi‑Fi exploit that defeats client isolation across consumer and enterprise gear. The flaw enables bidirectional man‑in‑the‑middle attacks, RADIUS spoofing, and credential theft, forcing firmware, silicon, and architecture changes.
APT37 expands toolkit to pierce air gaps using removable media and cloud C2
Zscaler observed a December 2025 APT37 campaign that combined five newly identified modules — including a memory‑resident loader, a backdoored interpreter runtime, a USB relay spreader and an Android surveillance app — to pierce air‑gapped enclaves while using a mainstream cloud storage service for command-and-control. Defenders should couple stricter removable‑media controls with identity‑first telemetry and cross‑service signal fusion; platform takedowns help but do not eliminate the underlying tradecraft.
U.S. Defense Boost for Autonomy Carves Open Market for RF Sensing and Training Consolidation
The Pentagon’s proposed standalone autonomy line item and associated prize competitions are accelerating procurement of AI-enabled platforms, privileging resilient perception, low‑latency compute and orchestration software. Concrete commercial moves—ranging from a staged VisionWave–SaverOne RF partnership and FPV airframe and training awards to a $100M round for ground‑vehicle autonomy—illustrate how milestone‑driven transactions and bundled hardware‑plus‑training offers are shortening the pathway from prototype to fielded capability.
Russian Forces Fit Starlink Terminals to Cheap Attack Drones, Extending Reach Toward NATO Borders
Ukrainian analysts say Russian operatives are mounting Starlink terminals on inexpensive attack drones to defeat electronic jamming and guide strikes from deep inside Russian-held territory. Recent high-casualty strikes — including a passenger-train carriage hit near Kharkiv and a large overnight barrage on Odesa — have sharpened diplomatic pressure on the satellite operator as governments press for technical and contractual measures to prevent misuse.
Hyundai and Kia Debut Vision Pulse — UWB-Based System That Maps Nearby Objects with Centimeter Precision
Hyundai Motor Company and Kia introduced Vision Pulse, a driver-assistance system that uses ultra-wide band (UWB) signals to determine nearby object positions in real time with high precision and low latency. Early pilots target industrial settings and school-bus safety; broader production use will depend on device interoperability, regulatory acceptance, and market rollout.