Support road.cc

Like this site? Help us to make it better.

“The Tour de France needs to do a proper security review”: Academic behind Shimano electronic gears hacking study on why “it’s hard to tell” if wireless doping has taken place in pro cycling – and why us amateurs shouldn’t be worried

“I find it very hard to believe that on my Saturday group ride, someone is out to get me by hacking my shifters”

For episode 84 of the road.cc Podcast, we took a deep dive into one of the more curious, and headline grabbing, cycling tech studies of recent years – which discovered that your bike’s electronic shifters may be susceptible to hackers, who could even be lurking at the Vuelta a España, waiting to sabotage Primož Roglič’s next move to the big ring.

 

Listen to the road.cc Podcast on Apple Podcasts
Listen to the road.cc Podcast on Spotify
Listen to the road.cc Podcast on Amazon Music

That study, published earlier this month by three US-based cyber security experts, explored the security features of Shimano’s Di2 electronic shifting systems, the current most common method of changing gears in the pro peloton.

The researchers rather worryingly concluded, through a black box analysis of Shimano’s systems and a roadside experiment, that they can be hacked by a relatively simple and cheap radio technique – one that potentially has the power to allow nefarious individuals by the roadside or in the peloton itself to change or jam a rival’s gears without their knowledge during a race, in a bid to scupper their chances of victory.

Pro cyclists’ electronic gears can be hacked and jammed by attackers, researchers say (MakeShift)

> A “different kind of doping”? Pro cyclists’ electronic gears can be hacked and jammed by attackers with £175 device, leaving “no trace” and allowing rivals to cheat, researchers say

Of course, as anyone who’s even accidentally switched over to pro cycling on the TV knows all too well, cheating and trying to one-up your rivals through illegal, dirty deeds is an integral part of the sport’s history: from Maurice Garin allegedly taking a train at the 1904 Tour to the cocktail of drugs that sustained the likes of Coppi and Anquetil, and the heavy duty blood doping of the 1990s and 2000s.

But, setting aside fridges and fridges of blood bags, this new threat of ‘wireless doping’ only adds to the spectre of technological cheating that has reared its head over the last decade, with persistent allegations of hidden motors swirling around the peloton.

So, this latest study – which for the first time, seems to indicate that pro cyclists could gain an advantage not by making themselves go artificially faster but by slowing down or even stopping their rivals – has certainly rang some alarm bells throughout the cycling world.

Faced with the prospect that their wireless gears can be easily hacked, Shimano last week confirmed that they’ve come up with a firmware fix now being used by all pros at the Vuelta and Tour de France Femmes, and available to all customers by the end of August (SRAM and Campagnolo, who were not part of the study conducted by the academics, are yet to comment).

2024 Sram Red AXS vs Shimano Dura-Ace front mech

> No, you won't be able to hack pro cyclists' electronic gears — Shimano shuts down cheating concerns over £175 jamming device, with immediate firmware update to "enhance security" already in use by pro cycling teams

But does wireless doping pose proper existential threat to the cycling world?

To find that out, we spoke to one of the researchers behind the much-talked-about Di2 analysis, Dr Earlence Fernandes, from the University of California in San Diego.

In this week’s podcast episode, Ryan chats to Earlence, a cyclist himself, about what inspired him to delve into the security set-ups and flaws of wireless shifting, how hacking someone’s gears actually works, his subsequent interactions with Shimano, and how pervasive he thinks the threat of wireless doping could be to both the pro cycling world and us weekend warriors out on a Saturday group ride.

Gear spoofer used by electronic shifter hackers (MakeShift)

“It’s hard to tell if people are actually using things like this,” Dr Fernandes said when asked whether his experiment could possibly be repeated in the peloton.

“It’s possible hackers know about these vulnerabilities but don’t talk about it. That certainly happens in the computer security community more broadly, people exploit these vulnerabilities in the dark without the public knowing. But for cycling specifically, I don’t know.”

But what about those non-pro cyclists who’ve moved over to electronic shifting – are they in danger of being hacked?

“I think non-professional cyclists have nothing to worry about,” he reassures us. “I find it very hard to believe that on my Saturday group ride, someone is out to get me by hacking my shifters. That just seems like a threat that’s very, very small.

“In a very competitive sporting environment, it’s by definition adversarial. On your group ride, there might be anti-cycling activists who might want to sabotage you in this way. But the attack requires at least some level of sophistication, so I’m not sure how sophisticated or motivated these anti-cycling activists are.”

> 10 things you didn't know your electronic groupset could do! How to get the most out of Shimano Di2 and SRAM AXS

Despite his assurances, Earlence is also convinced that cycling’s biggest races and the UCI need to get out ahead of the game when it comes to tackling possible cyber hackers, including beyond Di2.

“There’s a lot of technology at these events,” he notes.

“The bikes themselves are just one piece of it, but if you think about the actual race, there’s a lot of technology operating there.

“And someone needs to do a proper security review – the Tour de France, the Giro, the Vuelta, they need actual security professionals to look into this kind of thing. And I hope for their sake they do!”

The road.cc Podcast is available on Apple PodcastsSpotify, and Amazon Music, and if you have an Alexa you can just tell it to play the road.cc Podcast. It’s also embedded further up the page, so you can just press play.

After obtaining a PhD, lecturing, and hosting a history podcast at Queen’s University Belfast, Ryan joined road.cc in December 2021 and since then has kept the site’s readers and listeners informed and enthralled (well at least occasionally) on news, the live blog, and the road.cc Podcast. After boarding a wrong bus at the world championships and ruining a good pair of jeans at the cyclocross, he now serves as road.cc’s senior news writer. Before his foray into cycling journalism, he wallowed in the equally pitiless world of academia, where he wrote a book about Victorian politics and droned on about cycling and bikes to classes of bored students (while taking every chance he could get to talk about cycling in print or on the radio). He can be found riding his bike very slowly around the narrow, scenic country lanes of Co. Down.

Add new comment

6 comments

Avatar
Paul J | 3 months ago
0 likes

The SRAM eTap protocol (at least, as originally released in 2015 or so) is not vulnerable to the replay attack on Shimano as described by these researchers.

Avatar
Chris RideFar | 3 months ago
10 likes

Why use the word "doping" here? You can't just use that word for any type of cheating in bike races, the meaning is a lot more specific than that and doesn't apply to this case in any way.

Avatar
captain_slog replied to Chris RideFar | 3 months ago
4 likes

I agree the analogy doesn't stand up: doping is illicit physiological enhancement; this is plain old sabotage.

Avatar
Pub bike replied to Chris RideFar | 3 months ago
0 likes

It has come to be used for anything in the sport that gives an advantage, and now in this case it has come to be used as something that gives a disadvantage to others.  Isn't natural language fun?!

Avatar
Cayo replied to Chris RideFar | 3 months ago
1 like
Chris RideFar wrote:

Why use the word "doping" here? You can't just use that word for any type of cheating in bike races, the meaning is a lot more specific than that and doesn't apply to this case in any way.

Agreed. We should call it something more meaningful and logical 🤔

...

Got it

...

Geargate! 😉

Avatar
saxman replied to Cayo | 3 months ago
0 likes

 Say what it does - Electronic interference

Latest Comments