“The Tour de France needs to do a proper security review”: Academic behind Shimano electronic gears hacking study on why “it’s hard to tell” if wireless doping has taken place in pro cycling – and why us amateurs shouldn’t be worried

The road.cc Podcast

Aug 23 2024 • 39 mins

For episode 84 of the road.cc Podcast, we took a deep dive into one of the more curious, and headline grabbing, cycling tech studies of recent years – which discovered that your bike’s electronic shifters may be susceptible to hackers, who could even be lurking at the Vuelta a España, waiting to sabotage Primož Roglič’s next move to the big ring.

That study, published earlier this month by three US-based cyber security experts, explored the security features of Shimano’s Di2 electronic shifting systems, the current most common method of changing gears in the pro peloton.

The researchers rather worryingly concluded, through a black box analysis of Shimano’s systems and a roadside experiment, that they can be hacked by a relatively simple and cheap radio technique – one that potentially has the power to allow nefarious individuals by the roadside or in the peloton itself to change or jam a rival’s gears without their knowledge during a race, in a bid to scupper their chances of victory.

In this week’s podcast episode, one of the researchers behind the much-talked-about Di2 analysis, Dr Earlence Fernandes, a cyclist himself, chats about what inspired him to delve into the security set-ups and flaws of wireless shifting, how hacking someone’s gears actually works, his subsequent interactions with Shimano, and how pervasive he thinks the threat of wireless doping could be to both the pro cycling world and us weekend warriors out on a Saturday group ride.