A “different kind of doping”? Cyclists’ electronic gears can be hacked and jammed by attackers with £175 device, researchers say; Tour de France drama: Was Niewiadoma right to take advantage of yellow jersey Demi Vollering’s crash? + more on the live blog

Picture the scene: You’re out on your Sunday club ride, and the group’s most annoying member is beside you at the front, constantly half-wheeling you on his shiny new bike, as you trudge your way up the latest long, dead drag.

Now imagine you had the technology to jam his electronic shifting system, shunting him down to the back of the group and leaving you to the tranquillity of a non-half-wheeling weekend spin.

Well, according to some US-based researchers, you can do exactly that.

> 10 things you didn't know your electronic groupset could do! How to get the most out of Shimano Di2 and SRAM AXS

During a paper delivered at this week’s Usenix Workshop on Offensive Technologies conference in Philadelphia, three academics from UC San Diego and Northeastern University revealed a radio attack technique that can target and hack into Shimano’s Di2 wireless electronic shifting system, causing a cyclist’s gears to change, or even be disabled, without their control – a technique, if used in the context of the pro peloton, one of the researchers points out, could lead to a “different kind of doping”.

In their paper, ‘MakeShift: Security Analysis of Shimano Di2 Wireless Gear Shifting in Bicycles’, Maryam Motallebighomi, Earlence Fernandes, and Aanjhan Ranganathan claim that the relatively simple attacks – which can be carried out on hardware costing only £175 – allow potential hackers to take over and control a bike’s shifting behaviour by sending spoof radio signals from as far as 10m away.

This roadside radio technique is demonstrated in the video below:

Bauke Mollema would not be happy...

This experiment, the academics say, expose the vulnerability in Shimano’s Di2 systems, with a blackbox analysis of the manufacturer’s wireless protocols revealing a lack of mechanisms to prevent an attacker taking over someone’s gears, susceptibility to targeted jamming, allowing an attacker to disable shifting on a specific bike, and information leakage resulting from the use of ANT+ communication, that allows an attacker to inspect telemetry from a targeted bike.

By exploiting these vulnerabilities, potential hackers – especially in the “adversarial” environment of pro cycling – could trigger potentially race-changing moments from a roadside spoof radio signals, affecting the “integrity of the sport”, especially with wireless electronic shifting ubiquitous throughout the pro peloton over the last decade.

> Complete guide to electronic gears: your bike's shifting, indexing and charging explained

After first intercepting their target’s gear-shift signals at some point before they carry out their attack, a hacker can replay those signals, days, weeks, or months later, to cause the bike to shift at their command.

The researchers also noted their simple hardware setup could be miniaturised to such a degree that it could be hidden easily on the roadside at a race, or in a team car or rider’s jersey.

“The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time,” Fernandes, an assistant professor at UCSD’s Computer Science and Engineering department, told Wired about the new research.

“Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person’s bike like that.”

 (Zac Williams/SWpix.com)

Jamming the shifters would be even easier than taking control of someone else’s gears, the researchers add, by broadcasting a jamming signal at the frequency used by all Shimano shifters – which, at the moment, make up almost 80 per cent of the WorldTour peloton.

The researchers even claim that it would be possible to read the shifting signals from the entire bunch and then jam everyone except one chosen rider.

“You can basically jam everyone except you,” says Northeastern professor Ranganathan.

This is, in our opinion, a different kind of doping,” adds Fernandes.

“It leaves no trace, and it allows you to cheat in the sport.”

> “It will destroy our sport”: UCI set to pay whistleblowers for “credible” motor doping information ahead of Tour de France

However, in case anyone gets any ideas, the academic team have been working closely with Shimano since March to develop a patch, with the Japanese components giant saying it has “identified and created a new firmware update to enhance the security of the Di2 wireless communication systems”, and has already shared that with the pro teams who use their equipment.

“We can share that this update is intended to improve wireless transmission across Shimano Di2 component platforms," a spokesperson said, adding that the fix will be made more widely available at the end of this month. “We cannot share details on the exact fix at this moment, for obvious security reasons.”

While Shimano hasn’t been completely clear about how the patch will apply to its customers, it said “riders can perform a firmware update on the rear derailleur” using Shimano’s E-TUBE Cyclist smartphone app, but didn’t clarify how this would apply to the front derailleur.

“More information about this process and steps riders can take to update their Di2 systems will be available shortly,” the company said.

While the patch is slow in making its way to the public, the researchers say that pros should implement it as soon as possible, and that other manufacturers of wireless shifting technology, such as Sram and Campagnolo, should investigate their own security systems.

> Will wireless shifting become the norm? SRAM Apex eTap groupset is on the way

But leisure cyclists shouldn’t be too panicked for the moment, Fernandes says, adding: “I find it hard to believe that someone will want to launch such an attack on me during my Saturday group ride.”

Disclaimer: You definitely shouldn’t hack your clubmate’s gears to teach them a lesson. Unless they’re really annoying of course…

A horrible crash in the final six kilometres of today’s stage to Amnéville could perhaps provide the defining moment of this year’s Tour de France Femmes, as yellow jersey Demi Vollering came down hard and lost almost two minutes to closest rival Kasia Niewiadoma, after being forced to mount a futile and largely isolated chase in the closing stages.

The mass spill, which took place near the front of the bunch and at a pinch point on a tight left-hand bend in the run-in, left Vollering with missing skin, in considerable pain, and with no SD Worx teammates to help her for several minutes, European champion Mischa Bredewold saying after the stage that there was a delay in the team communicating Vollering’s fall, with Bredewold eventually dropping back to provide a brief turn at the front for her leader.

Despite Bredewold’s help, the defending Tour de France champion ultimately lost 1.46 to new GC leader Niewiadoma, who survived the crash and made the lead group that eventually emerged from the shattered remains of the bunch – and who, rather controversially, ordered Canyon-Sram teammate Chloe Dygert to drive hard on the front in the aftermath of the crash.

The in-form Kim Le Court was also brought down in the crash, as was British champion Pfeiffer Georgi, who looked in serious pain on the ground in the aftermath of the spill.

While SD Worx will be left to rue the crash – which has upended the GC, bumping Vollering down to ninth, 1.19 off the lead – it was a bittersweet day for the team, as Blanka Vas, who made the lead group as Vollering floundered behind, outsprinted Niewiadoma, Liane Lippert, and Olympic champion Kristen Faulkner for the biggest win of her career.

The late crash completely changed the end of the stage and the GC battle too!

Kasia Niewiadoma almost took it but Blanka Vas came through on the line to take the win for SD Worx whilst their GC leader loses 1'46"#TDFF2024 pic.twitter.com/bSJQjlyiDX

— Mathew Mitchell (@MatMitchell30) August 15, 2024

However, that career-defining stage win for the Hungarian champion may unfortunately prove just a footnote in this year’s Tour de France, as the race for yellow changed utterly in one moment with six kilometres to go on stage five.

The early results four our ‘unwritten rules’ poll are in, and it appears that three-quarters of you reckon that when the racing’s on – as it certainly was with 6km of the stage remaining – there’s no looking back, even if the yellow jersey is down.

Meanwhile, over in the dark corners of social media, one viewer asked: “What happened to the rule you don’t attack the yellow jersey after a crash?”

“Ask her ‘teammates’ who didn’t hesitate to attack. For the rest: it’s 5km from the finish line. Nobody ever waited in such a situation in a flattish final 5km,” replied Jens.

He has a point, you know.

Oh, to be a fly on the wall in the SD Worx hotel this evening as Blanka Vas pops the champagne to celebrate her stage win…

Hmmm… Okay.

Before you jump to the conclusion that Patrick Lefevere’s lost his mind (stop it) and decided that what his team really needs to succeed at the Vuelta is a collection of dinosaur jerseys (maybe to represent his own world view?), the toddler-inspired stylings are actually designed to promote sponsor Soudal’s range of T-Rex branded sealants and adhesives.

Which makes more sense than EF’s skateboarding duck jersey, if we’re honest.

But it’s not just a sartorially challenging jersey with a cartoon dinosaur that Soudal Quick-Step have planned for the next three weeks – no, the Belgian team will also be, and I quote, sharing “a number of dinosaur related initiatives taking place” throughout the Spanish grand tour.

And they’ve kicked off the dino-themed party, like any good seven-year-old obsessed with the Mesozoic Era, by clumsily changing all their mates’ names to those of dinosaurs.

 

 

 

 

View this post on Instagram

 

 

 

 

 

 

 

 

 

 

 

A post shared by Soudal Quick-Step Pro Cycling Team (@soudalquickstepteam)

So at the Vuelta we’ve got Mikel Landismosaurus Rex, T-Knox, Asgreeniraptor, T-Knox, Mattiasaurus, Pedesaurus, Louisaurus… You get the picture.

Which makes it a pity they never got round to signing Laurenz Rex in time…

Anyway, there’s even a Belgian frite-chomping, beer-guzzling dinosaur that will be following the team around Spain:

 

 

 

 

View this post on Instagram

 

 

 

 

 

 

 

 

 

 

 

A post shared by Soudal Quick-Step Pro Cycling Team (@soudalquickstepteam)

Hold on, when did they sign Alejandro Valverde?

💛 Rivales pour le #MaillotJauneLCL dans le respect et le fair play 🤗

🇳🇱@demivollering 🤝 🇵🇱@KNiewiadoma#TDFF2024 #WatchTheFemmes | @GoZwift pic.twitter.com/glNFQCrFCA

— Maillot Jaune LCL (@MaillotjauneLCL) August 15, 2024

Interesting post-race warmdown chat here between the two big rivals for this year’s Tour de France, as new race leader Kasia Niewiadoma can be heard telling Demi Vollering, “I really didn’t want to take the yellow that way. Hopefully we can still have a big fight.”

“Yeah, I hope so,” a despondent Vollering responded.

Let’s just hope Demi doesn’t have bump into Chloe Dygert later and ask her what happened in the front group…

With the Tour of Britain Men just a few weeks away, today the shock news emerged that the race’s recently appointed director, Rod Ellingworth, is set for a return to Bahrain-Victorious, the WorldTour team with which he spent an ill-fated year as principal in 2020.

After a decade at Team Sky/Ineos, Ellingworth – the man credited with fostering a generation of talent through the British Cycling Academy – took the head role at what was then Bahrain-McLaren for a frustrating, Covid-impacted season, before rejoining Ineos as deputy team principal (and the British squad’s de facto chief in Dave Brailsford’s absence).

However, he suddenly resigned from that role in November amid reports on internal tension and a management overhaul, before being appointed by British Cycling as the race director for the revamped men’s and women’s Tour of Britain in March, tasked with delivering the races after a turbulent period that saw previous organisers SweetSpot enter liquidation.

> Ineos Grenadiers’ deputy chief Rod Ellingworth resigns from British team amid rumours of backroom tension, according to reports

But now Ellingworth seems set for yet another job move, and a comeback to the WorldTour, as Bahrain-Victorious announced today that will return to the team in an unspecified role as part of their “senior management”.

“He will take on a pivotal role in the performance team and work closely on performance projects over the next three seasons,” the team’s press release said, “With a particular focus on Grand Tours and driving the team’s ambitions for a podium finish at the Tour de France.”

Milan Erzen, Bahrain Victorious’ managing director, added: “We are happy to bring Rod back to us and support our performance team. He will be a key part in guiding our young GC talents, like Buitrago, Martinez and Tiberi, with a focus on the Grand Tours. I’ve always maintained a great relationship with Rod – he’s a great guy who is incredibly knowledgeable about cycling. He has great experience achieving the best results in the biggest races. It’s great that he is back in our team.”

> “I feel a real responsibility to get this right”: Former Ineos manager Rod Ellingworth named as new Tour of Britain race director

“It’s great to be back with the team, and I’m looking forward to working on key projects over the next three years," Ellingworth himself said. “The team has some fantastic young riders with great GC credentials. I look forward to working with them to achieve the team’s ambitions.”

It’s understood that the appointment won’t affect Ellingworth’s role for the upcoming Tour of Britain, which starts on 3 September.

Katy Marchant and Sophie Capewell hope their gold medal-winning exploits will inspire people to cycle to school and work, and find the “joy for riding a bike” that led to their own Olympic success.

Marchant and Capewell – whose world record-breaking team sprint alongside Emma Finucane was one of the highlights of the Paris Games for Team GB – were speaking at non-profit organisation Manchester Bike Kitchen in Hyde, which aims to promote cycling to improve mental and physical health, as part of the ChangeMakers programme that matches athletes with local community initiatives.

It was the pair’s first public appearance since returning from Paris on Monday, and Capewell says their team sprint win still feels “a bit like a dream”.

“It was just so special, because it’s been a project for this team for a really long time and we're Olympic champions now. It’s really cool to say that,” she told the BBC at the event, which was attended by other Team GB stars, including team pursuit bronze medallist Josie Knight and BMX star Beth Shriever.

 

 

 

 

View this post on Instagram

 

 

 

 

 

 

 

 

 

 

 

A post shared by Manchester Bike Kitchen (@mcrbikekitchen)

Capewell added that she hopes their win will inspire others to find the “joy for riding a bike” – “and it doesn’t have to be at a top level. It could just be riding to work or cycling to school or anything like that.”

She continued: “The communities support us, so it’s really important for us to give back and support them.”

“Cycling is a really, really accessible sport, and we want to be able to inspire people to get on bikes,” Marchant added.

Meanwhile, Manchester Bike Kitchen’s Andy Hinton said he hopes Britain’s cycling stars can have a profound impact on young people.

“If someone watches Beth Shriever in the Olympics or Kieran Reilly who won the silver medal, they can walk in here and pick up a second-hand BMX and actually start,” he said.

“And who knows, in four years, eight years, they could be representing Team GB, riding that bike wherever that may be.”

A classic of the ignored and neglected cycle route genre, courtesy of the shared-use pedestrian and bike path that run alongside the A12 Colchester Road just outside London – which, by the looks of things, appears to be on the verge of being consumed by the adjacent vegetation:

Highway engineer and blogger The Ranty Highwayman reported the overgrown hedge and almost invisible path to Transport for London on 30 June, though he notes he’s been raising concerns about the route’s dangers for the past 15 years.

“Yes, this is a shared-use path next to a 50mph dual carriageway. We wouldn’t let this happen to the carriageway,” he tweeted at the time.

“Most of Outer London doesn’t get a look in on the wonderful stuff [London’s walking and cycling commissioner] Will Norman celebrates, but the basic stuff we do have doesn’t get basic proactive maintenance. Please Will, could TfL be pushed to up its Outer London trunk road game?”

Unfortunately, Ranty’s complaints have yet to be answered, as the hedge continues to grow over a month after his initial report, as seen in another photo taken this week:

“We’ll soon have to walk in the 50mph carriageway to get past,” he noted. “We need the basics sorted on TfL’s forgotten Outer London roads. This is a shared-use cycle track, but we don’t get the space and smooth surfaces of the roads here.

“TfL has given up on active travel on its outer London road network.”

Well, I suppose it’s easy to forget it if you can’t see it due to overgrown hedges…

It may have taken three-and-a-half days and four-and-a-half stages, but finally, finally the Tour de France Femmes peloton will roll into France this lunchtime, 60km from today’s stage start in Bastogne, yet another nod to Liège-Bastogne-Liège after yesterday’s Ardennes classics tribute act.

So what’s on the menu for today’s mostly French stage five to Amnéville? Well, after yesterday’s GC-reshaping epic in the rain, on paper today should be a last hurrah for the sprinters.

With the on-fire Charlotte Kool 2-0 up in her fast-twitch battle with Lorena Wiebes, can the DSM powerhouse make it a hat-trick of sprint victories at the Tour, or will SD Worx rider Wiebes – usually seen as the undisputed fastest sprinter in the world – save her Tour with a last-gasp win?

Of course, the sprinters may not have everything their own way. The Côte de Montois will offer a stern test, averaging six per cent for 1.7km, and is located just 15km before the finish, with a nasty drag past the summit potentially acting as a launchpad for an enterprising attacker.

Meanwhile, the finish itself will be tasty, and includes a steep climb in the last 800m. Perhaps a more powerful puncheur-sprinter style rider – like Marianne Vos, maybe – could take advantage of all the Kool-Wiebes III hype and steal a victory?

Is it time for the GOAT to kick on in France?

> “Can’t continue with radio ban”: Pro cyclist breaks back in horrific crash as Visma-Lease a Bike manager slams “complete farce” and “chaos” lack of race radios created, but UCI President hits back at “fake news”