Home
Could hackers attack SRAM's electronic gears? And what does film star Hedy Lamarr have to do with it?

SRAM’s new wireless groupset has created a lot of discussion and debate. A common concern is whether it would be susceptible to electronic attack, either to stop it working completely or for instance, to operate a rival's gears at just the wrong moment, leaving a sprinter twiddling a tiny gear with 200m to go.

So we asked a man who knows. Mark Severs B.Eng is a Senior Systems Engineer for communications giant Arqiva whose day job involves making sure TV programmes get to your screen. He used to write under the name Andy Bentley for cycling and other publications in the early 90s, until he got a real job. He knows a bit about how widgets talk to each other, so we asked what he thought of the SRAM system based on what we know so far.

He told us:

First, the comms protocol has to be a legal one, i.e. approved by every country's radio regulator wherever they will use it. That means that it must be one already recognised by the ITU, he international talking shop for national comms regulatory bodies such at the USA's FCC and Britain's OFCOM. This means that even if it is a bit proprietary it can't be all-new.

Second, Bluetooth and wifi and stuff like that are probably out because they are suited to more to communications and less to control. Wireless control systems are different to wireless comms systems. Also, Bluetooth is very slow and pretty easy to selectively disrupt.

There are a lot of options, but the likely answer is one of the comms protocols used for industrial and domestic control systems that already exist.

As far as disruption goes, there are two ways to disrupt comms; selectively and blanket. If you spew out enough shash in the relevant section of the radio spectrum, everything will fail, affecting all teams equally. That's blanket. Are any other teams using a similar system? A system in the same band? A band near to the band used for their voice radio? If only one team is using a specific band for their "derailleur brains" it is a simple matter of radiating a blanket jamming signal across that band, like one side used to do to the other in the cold war. Jamming a specific frequency is more fiddly but also possible, if you need to get that specific. This form of jamming is illegal but hard to detect without proper tracking systems designed specifically to detect jammers, so you just switch the jammer in the team car on when the heroes get involved in the break, the climb or the sprint.

At this point we dug out the SRAM patent and in particular a paragraph relating to the wireless protocol, which says it's a “2.4 GHz transceiver utilising AES encryption and DSS spread spectrum technology supporting 16 channels and the IEEE 802.15.4 communication protocol." That might as well be Navajo to us, but it spoke volumes to Mark.

It's an ISM or Zigbee/Z-Wave style product then, co-opted for bikes. There are a whole slew of these, too many to list. They are all semi-proprietary, but all available as "off the shelf" chipsets. In this article, there is a table with ISM in the middle, and all the options are just listed as "various".

Specifics: The AES encryption means hard-to-hack, so forget spotty hackers homing in on one specific bike's comms. DSS means "Digital Spread Spectrum", which is expected, and is simply a mechanism for making the radio signal robust and hard to interfere with - you know, by things like microwave ovens, wifi (which lives in the same band), poorly suppressed ignition, etc. DSS is used in everything these days (digital TV, DAB radio, DECT and mobile phones), so it is nothing exotic.

The IEEE 802.15.4 bit is just an international standards listing for physical and MAC activity [Machine Access Control]. You know, like a computer has a MAC address? The patent isn't very "patenty" in that none of this is a new invention, it's all a couple of years old at least. Spread-spectrum was invented by the famous film star Hedy Lamarr in the 1940s, which is one of the most obscure and arcane pieces of trivia I ever learned. She was a maths PhD!

It looks like it is all a versatile comms standard, bidirectional or even meshed maybe, robust, reliable in areas of interference. This no doubt drives some sort of miniaturised by fairly ordinary mechanical actuator system, and there is nothing new in all of that since electronic engine brains in motorbikes shrank all the sensors and actuators for use on throttle butterflies etc etc.

All told it sounds very realistic and workable, based on existing proven technology and impossible to interfere with except for the "blanket" approach I mentioned earlier. Using wide-band spread-spectrum may even make this impractical, which is entirely possible.

There you go then. Thanks in part to a bright idea by a mid-twentieth century film star, SRAM's wireless shifting should resist the kind of electronic attacks people are worrying about.