Researchers hack electronic shifters with a few hundred dollars of hardware
- Thread starter JournalBot
- Start date
Interesting these systems are based on bluetooth. Sounds like the bike shifters may be insecure by design. Still with the limited signal and cameras everywhere in big races it might not be a big problem, since the effects would are instantly noticeable.
I'd be curious to know if a moving signal has an effect on Bluetooth signal. Although it wouldn't matter here if the signal is boosted.
I'd be curious to know if a moving signal has an effect on Bluetooth signal. Although it wouldn't matter here if the signal is boosted.
Upvote
16
(21
/
-5)
Why do they use wireless shifting anyway? Is it a weight thing?
How much could a thin control wire weigh anyway?
EDIT: Surely the weight of the batteries would outweigh any control cabling?
How much could a thin control wire weigh anyway?
EDIT: Surely the weight of the batteries would outweigh any control cabling?
Last edited:
Upvote
86
(86
/
0)
I honestly didn't even know that bikes like this existed before this article, but of course they'd have the same kinds of problems all other such devices have. The entire industry isn't super good at this stuff and keeps making the same mistakes over and over again.
Upvote
54
(54
/
0)
The shifters cannot be updated with the E-TUBE app unless they are wired to the battery (which is a possible configuration with the semi-wireless DI2). Instead, the bike needs to be taken to a shop that has an expensive tool that can be plugged into the shifters and perform the update. It's really annoying.
Upvote
55
(55
/
0)
Replay attacks are so basic, it suggests Shimano has previously given very little thought to security.
Car fobs have had rolling keys for years now. There really is no excuse for this.
Car fobs have had rolling keys for years now. There really is no excuse for this.
Upvote
72
(72
/
0)
Same question here - old fashioned tension wire shifters seem lightest and most durable. How is wireless an improvement?
Remember, the S in IOT is for shifting.
Upvote
14
(33
/
-19)
It's not driven by weight, but rather ergonomics, performance, longevity of that performance and ease of maintenance and (primarily for manufacturers) building the bike.
Mechanical shifting requires cables, they rub, fray, stretch and can be a PITA to route internally within a frame whilst limiting their bend radius so as not to add additional friction. Regardless, they have a shelf-life and performance monotonically decays as they get older. If you're racing, these might be a wear item every year or so depending upon conditions and your tolerance of sticky shifting.
All top-end modern groupsets are 12 or 13 speed (at the rear rear), but the space available for the cassette hasn't changed, so the gap between gears on the rear cassette has shrunk commensurately. Trying to finesse mechanical shifting to work well was fine on 10 speed, tedious on 11 speed and deeply frustrating on 12 speed. Due to cable stretch as above, it's also a moving target.
By contrast electronic shifting is so much better to setup and live with, it also allows for simple (but effective) adaption of the front mech on rear shifts to avoid rubbing for example. Functionally it's just better, the shifts are better and they remain that way.
If you're a bike manufacturer then SRAM's AXS system is generally preferred as it's faster to build given that it's fully wireless, so the gear shift components (but not the hydraulic brake lines) just bolt on so making a new bike can be quite a bit faster than for Di2 that involves more (internally routed) wires (and the battery is also internal in the seatpost).
Ergonomics comes into play because everyone wants smaller (hood) shifters in their hands and hydraulic brakes (the standard now) take up more room than rim brakes did, removing the shifting mechanisms that had to be there for mechanical groupsets helps keep the size small.
Also remember that for weight (if you're racing at the elite level) the UCI has a minimum weight limit of 6.8kg that hasn't changed for many years. You can easily build a bike under that weight limit now, so for a lot of bikes they have to add ballast, it might as well be useful (battery, power meter etc)
Upvote
180
(183
/
-3)
“Modern bicycles are cyber-physical systems....”
Ha! Can't wait until the functionality of my bike depends on a subscription.
Of course, I'd get the PremiumPlatinumPro subscription that enables all all 27 gears. The SilverPro plan is good, but 18 gears are just too limiting; I really need my granny gear.
Ha! Can't wait until the functionality of my bike depends on a subscription.
Of course, I'd get the PremiumPlatinumPro subscription that enables all all 27 gears. The SilverPro plan is good, but 18 gears are just too limiting; I really need my granny gear.
Upvote
35
(44
/
-9)
I had no idea this was even a thing before this article. I can see some minor advantages to it, in that it eliminates the slight imprecision and need for adjustments as a cable stretches and wears over time. But I really hope this tech never fully replaces mechanical shifting. The last thing I want is to have to make sure my shifters are charged before going for a ride.
Upvote
15
(20
/
-5)
Can't they keep the electronic shifting but connect the control with a thin cable? No movement of the cable (just signalling), so rubbing won't be an issue...
I dunno, I'm becoming wireless averse and, especially, battery averse as it seems like everything is battery powered, and more and more time is taken up just managing battery power.
Upvote
105
(106
/
-1)
Most riders would charge once a month to a month and a half. My head unit tells me when my charge is at 20%, which is way more than enough time to deal with it, even if I'm on a long ride.
Upvote
39
(39
/
0)
The rear half of Di2 is wired.Can't they keep the electronic shifting but connect the control with a thin cable? No movement of the cable (just signalling), so rubbing won't be an issue...
I dunno, I'm becoming wireless averse and, especially, battery averse as it seems like everything is battery powered, and more and more time is taken up just managing battery power.
Upvote
18
(19
/
-1)
AFAIK the shifters are just buttons, which reduces the amount of mechanical components on the handlebars (no need to drag cables) in turn reducing the weight - which is added by other components. But as was mentioned by @alex.stewart routing and wear of the cables is a pain. It also adds an additional component of tuning the derailleur position and the tension of a very long cable). Integrated wireless groups make the maintenance a lot easier.
Upvote
24
(25
/
-1)
Upvote
27
(30
/
-3)
Can't they keep the electronic shifting but connect the control with a thin cable? No movement of the cable (just signalling), so rubbing won't be an issue...
I dunno, I'm becoming wireless averse and, especially, battery averse as it seems like everything is battery powered, and more and more time is taken up just managing battery power.
Shimano Di2 historically had wires connecting the shifters, derailleurs and battery (and also 'junction boxes' which were basically the microcontrollers and I/O). They are now half-wireless, the shifters are wireless but the battery and derailleurs (no more junction boxes) are wired to each other. SRAM's system is fully wireless.
IMO, the fully wireless setup is better, the reason that SRAM can do it is that both their derailleurs have external batteries whereas Shimano have one (larger) internal battery. Recharging is marginally easier with SRAM's system as you can unclip the batteries rather than bringing your bike near a charger.
The battery life is variable, but I would usually get about 700 km from a Di2 battery, whereas the shifter batteries (coin-cells) last about a year. It's not too bad, but it's in the realm where you don't do it every day, and so you can forget which can be irritating for sure.
Upvote
44
(44
/
0)
Don't forget the derailleurs!
I'm holding off getting some (though I do lust heavily over SRAMs flat chain) until everything can be run off a single internal battery - lights and other accessories included... I may be waiting my entire life or at least in need of an ebike by then, needing a much larger internal battery!
Upvote
1
(3
/
-2)
There are two different aspects to this: electronic shifting in general, and wireless electronic shifting.
Electronic shifting is usually preferred (when price is not a factor) because it's easier to maintain (no cables to change, which is always a pain especially with internal cable routing) and it offers a better experience. It shift better, and can also offer additional features like auto-trimming of the front derailleur, the ability to configure exactly how the bike shift with the press of the buttons, or the ability to see on your head unit what gear you're in. Electronic shifting also makes room in the shifters for hydraulic braking. Mechanical shifting still exist and works perfectly fine, but electronic is just a better experience. I don't know any competitive cyclist that has tried electronic, that would go back to mechanical.
Then wireless electronic shifting. When electronic shifting became mainstream with the first Shimano Di2, everything was wired. You had wires going from the shifters to a junction box, to a battery, and to the front and rear derailleur. Then SRAM came along with a completely wireless solution. It was easier to install and maintain (no cables to route through the frame) and also more reliable, because you don't have the possibility of a cable coming loose (which is pretty common on Di2 with the vibrations from the road). Everyone loved it so much that they begged Shimano for a wireless solution. Today Shimano is semi-wireless with no cables connecting the shifters, but you still have cables between a central battery and the two derailleurs.
Upvote
56
(57
/
-1)
People surprised about electronic groupsets, and the latest iteration of DI2 in general:
Replace the coin cells in the shifters at the start of the riding season, and charge the main battery at the start of every month. You'll be good. Electronic shifting is very much worth it. It's mindbogglingly fast and easy. When I give my backup bike some maintenance rides (to keep the mechanical shifting wires from freezing up due to lack of use; it happens!), I find myself holding down on the shifters like I would on my primary bike to shift gears, and then I get sad because nothing is happening.
Replace the coin cells in the shifters at the start of the riding season, and charge the main battery at the start of every month. You'll be good. Electronic shifting is very much worth it. It's mindbogglingly fast and easy. When I give my backup bike some maintenance rides (to keep the mechanical shifting wires from freezing up due to lack of use; it happens!), I find myself holding down on the shifters like I would on my primary bike to shift gears, and then I get sad because nothing is happening.
Upvote
33
(35
/
-2)
Albino_Boo
Ars Praefectus
Because its smother and less effort. Almost certainly the pro teams have calculated the Watts saved by having a better gear change. Most pro bike rider have pinned collar bones after breaks . Jonas Vingegaard came second in the tour de france 3 months after a crash that broke both collar bones all the ribs on his left side, collapsed one lung and punctured the other. Reducing the mechanical stress on the body is a definite bonus
I've gone from a mechanical groups set to a wireless one because I've broken my wrist a few years back. Changing up to the big ring on mechanical groupset involves me reaching across with my other hand and pulling the shifter.
Upvote
4
(9
/
-5)
Albino_Boo
Ars Praefectus
I'm not convinced that you can get in range for long enough to hack an individual in the peleton. There are strict rules about the separation of the team cars and the peleton and position in the convoy is determined by the position of your riders. The only way you can get in range is to have the best rider in the 1st place
Upvote
-4
(3
/
-7)
My wife's new bike has SRAM AXS and it's quite nice. I always thought it would be a cold day in hell when I paired my bike to my phone but doing so opens up some nice shift options with compensated shifting being my favorite.
To touch on to why make a system wireless over wired it was pointed out previously cables can snag or be pulled loose causing issues. Since bikes will see all manner of conditions a fully wireless system is easier to seal from water ingress as there are no cable ports that can allow water in, especially if the grommet has been pulled loose/damaged.
As for weight, the SRAM batteries feel very light and are super easy to remove and reinstall. The rear derailleur battery lasted about a month and when the low battery alert went off on her Garmin I simply swapped batteries between front and rear derailleurs and we were good to go (we live where it's flat and the front derailleur rarely gets used).
My bike is still fully mechanical and I won't miss all of the cable adjustment/drag when I get a new bike. I just had to replace one of my shifters as the teeth on the ratchet mechanism wore to the point I got stuck in one gear.
To touch on to why make a system wireless over wired it was pointed out previously cables can snag or be pulled loose causing issues. Since bikes will see all manner of conditions a fully wireless system is easier to seal from water ingress as there are no cable ports that can allow water in, especially if the grommet has been pulled loose/damaged.
As for weight, the SRAM batteries feel very light and are super easy to remove and reinstall. The rear derailleur battery lasted about a month and when the low battery alert went off on her Garmin I simply swapped batteries between front and rear derailleurs and we were good to go (we live where it's flat and the front derailleur rarely gets used).
My bike is still fully mechanical and I won't miss all of the cable adjustment/drag when I get a new bike. I just had to replace one of my shifters as the teeth on the ratchet mechanism wore to the point I got stuck in one gear.
Upvote
12
(12
/
0)
Older Di2 did this but, in the age of any exposed cable/hydraulic hose is lost efficiency, everything is designed to hide within the frame. A lot of the drive to go wireless is making install and servicing easier.Can't they keep the electronic shifting but connect the control with a thin cable? No movement of the cable (just signalling), so rubbing won't be an issue...
I dunno, I'm becoming wireless averse and, especially, battery averse as it seems like everything is battery powered, and more and more time is taken up just managing battery power.
My bike still uses good old fashioned mechanical cables, which I was changing recently. It was an extremely time-consuming and frustrating process involving language that cannot be repeated in civilised company. Wires would not be any easier to fish through the frame and guide through the thin tubes towards their tiny outlet holes.
If I had deeper pockets upgrading to a fully wireless system that never needs a cable change would be very appealing. Hydraulic brake hoses will still be an issue, but at least they can handle the tight angles that are needed to get around the stem, headset and bottom bracket and take take the abuse of being pushed and pulled until they go where they are needed.
With new high-end bikes, frames are being designed without the ability to run gear wires of any kind. As with many tech trends in cycling, manufacturers are quickly removing that option and there will be no going back.
Upvote
13
(14
/
-1)
I work in the embedded industry and rolling codes are pretty basic to implement. Last job I worked at, I was the only firmware engineer working on a project with the same requirements as these shifters. Low power, Bluetooth (well, BLE), with "real time" response between the user activating the fob and the remote responding.
The compute requirements for a rolling code is ... basically nothing. On a 64MHz ARM Cortex M4F CPU, generating the next code took under a microsecond. The total time from the user pressing the button on the remote to the device reacting was around 10 milliseconds.
And this was at a company with around $20 million in yearly revenue.
Yeah, Shimano didn't think about security.
Upvote
65
(65
/
0)
If Shimano can't disclose information about how it has improved the security, I sincerely doubt that the security has significantly improved. Security through obscurity is a joke, as already amply demonstrated by the researchers' original hack.
Upvote
20
(21
/
-1)
If you stand on the sidelines of a HC climb (10%+ grade sustained for kilometers), even the pros are going to be going sub-20km/h.
I'm surprised these guys had to do so much work! Grab a nrf52 devkit and there's nordic-recommended tutorials on how to hook it to wireshark to see every bluetooth packet in the area.
I am a little surprised that SRAM and/or Shimano didn't use BLE's encrypted communications capability properly. Again, there's tutorials in the nRF SDK, assuming they're using nordic chips like everyone else. But the threat model was likely "we're under threat of not releasing this on time, and <huge bike mfg> needs the parts now".
For a similar tech/wireless story, one of the teams in the tour this year showed up with a antenna-strewn "command center" which the organizers promptly told them to GTFO since they assumed they were sniffing all the ANT+ and BLE powermeter signals to gain an advantage. Just about every commercial powermeter broadcasts in the blind over ANT+ with no handshakes needed, so it'd be easy to slurp up everyone's power numbers if you had a nice high-gain antenna pointed at the peloton from the team car.
Last edited:
Upvote
34
(34
/
0)
Agree. And the thing about all these batteries is that they're essentially disposable. You get X number of charge/discharge cycles before they stop working.Can't they keep the electronic shifting but connect the control with a thin cable? No movement of the cable (just signalling), so rubbing won't be an issue...
I dunno, I'm becoming wireless averse and, especially, battery averse as it seems like everything is battery powered, and more and more time is taken up just managing battery power.
I used to work on and ride bikes all the time and I love how even really nice bikes are very simple and repairable machines. It bums me out to see them made to work on the same electronics upgrade/obsolescence cycle as every other damn thing these days. I just dread this shit trickling down to everyday bikes because it will destroy their reslilence and repairability.
I can (and really should!) pull out my old 80s Peugeot road bike that's been sitting for ages and with a few simple tools and parts -- a bit of oil, a set of new tires, etc -- have it road-ready in a few hours. And it's like this for any normal bicycle you could find anywhere. You can keep a 50 year-old bike running and useful absolutely forever, very cheaply, and a lot of the world does.
What do we think is gonna happen in a decade or two when someone pulls a bike with a bluetooth derailleur out of storage? The battery will be fucked, you probably will have to work pretty hard to find a device that will be able to connect to it, the server that provided the firmware will be long-dead... most likely someone will just either give up on it or spend money replacing the now-obsolete shifting hardware. Gross.
Last edited:
Upvote
27
(35
/
-8)
Using Bluetooth in and of itself doesn't mean "insecure by design". Nothing prevents the system designer from making the protocol secure (encryption, authentication, equal message lengths regardless of data contents to prevent time-domain analysis, etc).
Still susceptible to noise jamming, like all other RF channels, but that is not unique to Bluetooth. (I.e., a DoS attack.)
Upvote
13
(13
/
0)
Albino_Boo
Ars Praefectus
How are you going to pick an individual quickly out of the 120 odd riders the peleton.
Upvote
2
(4
/
-2)
Law of unintended consequences at work, I wonder if people will now try and troll riders with electronic shifters.
I'll keep my old external cable routed bikes as I don't need the incremental performance increase or the cost of having to take stuff to a shop to get serviced vs. having it easy to work on myself.
I'll keep my old external cable routed bikes as I don't need the incremental performance increase or the cost of having to take stuff to a shop to get serviced vs. having it easy to work on myself.
Upvote
4
(7
/
-3)
I did long distance cycling, 200 to 350 kilometers each day for a week or two. After a whole day of cycling, being 12 hours or more on the bike, mechanical shifting through morse cables becomes tiring for my hands. Switching to a (wired) Di2 system 5 years ago got me a lot of comfort and is really great.
During one long bike trip I got bikers palsy, I had damaged a nerve in my hands due to a uncomfortable bike setup. I was not able any more to shift with my now very weak fingers, so I had to use my wrists to move the levers ... .
Also, my mechanical group set required adjustment after each day or each second day of cycling. My Di2 requires far less attention. Except charging once a month.
I also tried a wireless SRAM system, which was extremely easy to set up. No wires! great. Unfortunately I had a few failures of the derailleurs, so I changed to Shimano Di2.
During one long bike trip I got bikers palsy, I had damaged a nerve in my hands due to a uncomfortable bike setup. I was not able any more to shift with my now very weak fingers, so I had to use my wrists to move the levers ... .
Also, my mechanical group set required adjustment after each day or each second day of cycling. My Di2 requires far less attention. Except charging once a month.
I also tried a wireless SRAM system, which was extremely easy to set up. No wires! great. Unfortunately I had a few failures of the derailleurs, so I changed to Shimano Di2.
Upvote
13
(14
/
-1)
For the BLE replay operation:
I assume you'd be trying to sabotage a GC or sprint leader, so they'd be wearing a yellow or green jersey and would be quite visually distinctive. But because BLE requires devices to use unique addresses, it would probably be sufficient to just do the replay attack (which I assume would include the targeted rider's equipment IDs already) as the peloton goes by. I haven't played with the BLE shifter protocols, but I assume the message is effectively "BLE ID 12:34:56, please shift to gear index 3". So when 12:34:56 is in range, they'll shift to gear index 3 whatever that might mean.
For the spy operation from the team car:
ANT+ is a one-to-many broadcast protocol with no handshakes required, so your team-car radio will be getting dozens or hundreds of packets per second from all the PMs. Write a little parser to extract power numbers and you'd be getting nearly-live power readings. Nice thing about ANT+ is that it's designed so that average powers are still valid even with large gaps in the data stream, so even if you miss a rider for 10sec, you'd still know how hard they're working on average.
Presumably your spy operation has cataloged which PMs belong to which rider. You'd be able to correlate it pretty quickly by observing power spikes when a rider accelerates. And then the team car could radio your riders to say "rider X has been going pretty hard for 5 minutes and will be fatigued, now is your chance to attack and drop them".
Note: I'm not employed and never have been employed by a pro cycling team but have played with cycling-relevant communication protocols!
Last edited:
Upvote
15
(15
/
0)
One reason is it takes installation of a new electronic system from being a major PITA to a simple process that takes a few minutes.
My "old fashion" Di2 road bike came from the factory equipped with wired Di2 11 speed system so they did all the hard work. But when building a bike up or a retrofitting wired system routing the cables from the shifters under the bar tape or through the bars, going around or through the stem/steer tube, down the downtube, possibly up the seat tube to the battery and back through the chainstay to the rear derailleur can be quite a frustrating, time consuming adventure on a carbon bike.
Wireless systems you bolt on the shifters & derailleur(s), sync them up, dial in the limits on older models and you're off to the races. I retrofitted my older mountain bike with a Sram AXS wireless system and it literally only takes a few minutes. On my new mountain bike that I built up from a frame I used their newer T-type wireless system and it is even easier. Both have worked flawlessly.
Upvote
15
(15
/
0)
VanMoof bikes say hi. Although I guess they would if their company didn't fold and now the bikes can't communicate anymore.
Upvote
11
(11
/
0)
For those people asking why electronic shifting is a thing, it offers several advantages over mechanical shifting:
1. it is faster to shift between gears, so you barely have to ease off the power during a gear change.
2. it can be configured to shift multiple gears with one button press
3. it can be configured to reduce cross-chaining (to avoid big-big and small-small)
4. it is doesn't go 'out of tune' like mechanical shifters do when cables stretch
5. It takes less effort to shift gears.
Don't underestimate how important this last point is. Depending on the terrain, I typically shift 7-10 times per km which adds up to a lot of work my hands don't have to do on a long ride. With electronic shifting, you typically pedal a much more consistent cadence because it is so easy to change into the optimum gear.
1. it is faster to shift between gears, so you barely have to ease off the power during a gear change.
2. it can be configured to shift multiple gears with one button press
3. it can be configured to reduce cross-chaining (to avoid big-big and small-small)
4. it is doesn't go 'out of tune' like mechanical shifters do when cables stretch
5. It takes less effort to shift gears.
Don't underestimate how important this last point is. Depending on the terrain, I typically shift 7-10 times per km which adds up to a lot of work my hands don't have to do on a long ride. With electronic shifting, you typically pedal a much more consistent cadence because it is so easy to change into the optimum gear.
Upvote
24
(25
/
-1)