In professional cycling, where races can be decided in mere seconds, the significance of every aspect of a cyclist's equipment cannot be overstated. A team of computer scientists has recently unearthed a critical vulnerability within the wireless gear-shifting systems used in top-tier bicycles—a weak spot that could potentially affect the outcome of high-profile events like the Tour de France.

A research team from the University of California San Diego and Northeastern University explored Shimano's Di2 wireless gear-shifting technology, which dominates the cycling industry. During black-box analysis, they found three serious vulnerabilities in Shimano's binary wireless protocol, which would allow an attacker to manipulate the gear-shifting remotely.

The first vulnerability identified was the lack of mechanisms to thwart replay attacks. If captured by an attacker and retransmitted, such an attack allows them to take full control of a cyclist's gears without any cryptographic keys. It showed that such an attack could be carried out with commodity software-defined radios with no signal amplification from up to 10 meters away.