Earlence Fernandes is a computer science professor at UC San Diego. He’s also a cycling geek.
He stands next to his bike at UCSD’s computer science building and tells how he commutes to work on his bike and rides for recreation.
“I mostly get into it because it’s an incredibly calming experience,” he said. “When you’re out in the mountains it makes me feel incredibly good.”
He also follows professional cycling, though he knows it has a terrible problem with corruption and cheating. Performance enhancing drugs have been a problem for decades, and it doesn’t end with that.
This year he realized another way to cheat is hacking into someone’s wireless shifter.
He said he does not race but he uses an electronic shifter on one of his bikes. He explained how buttons on his handlebar send a signal to his derailleur on the rear hub to change the position of the chain, in a way that is very precise.
“I used to use mechanical systems all the time. I did not know how good electronic shifting was until I started using it. And there’s no going back,” he said.
But all you need to hack into an electronic shifter is an off-the-shelf device called a software designed radio, which can capture a wireless signal and use it to send a malicious command. You only need to be within about 30 feet of the bike.
Fernandes and a partner tested it on a local hill and produced a video of their ride. They set up the device on the side of the road and remotely shifted Fernandes’s bike into a higher gear, forcing him to slow down.
In a full-on race, this can be dangerous and, again, it’s another way to cheat
“Let’s say the leader of the Tour de France is going up a big mountain. He’s going to be in an easy gear because he has to climb the mountain. Then if we can shift it from an easy to a hard gear, that is going to make him significantly slow down, and lose time,” he said.
But there is a solution, and it’s pretty simple. The same approach has been used with car key fobs and garage door openers.
“So the standard solution is to share a secret number between the shifter and the derailleur that only these two devices know,” Fernandes said. “And so the assumption is that that attacker — someone external to the system — cannot predict what these numbers are. And that is what we recommended to Shimano as a solution and a mitigation.”
Fernandes and a research partner at Northeastern University approached the bike company Shimano, told them of the hacking risk and shared their cybersecurity plan with them.
Shimano sent KPBS a statement, describing the collaboration with Fernandes.
“Shimano did indeed work with these researchers to enhance Di2 wireless communication security for all riders. Through this collaboration, Shimano engineers identified and created a new firmware update to enhance the security of the Di2 wireless communication systems,” the company said.
Fernandes, whose academic specialty is cybersecurity, described Shimano’s action as a “software patch.”
Fernandes didn’t win any royalties from Shimano. But he knows he brought a bit more integrity to a sport he cares about.
