IIRC, many TPMS systems run as CAN over IP, basically giving unsecured network access to a car if it thinks it's talking to a TPMS. Granted that some/most of these sensors typically have to be "paired" with a car using a scantool (sometimes), but IIRC, some are self-pairing, creating a vulnerability where the legit sensor could be replaced with a hostile one. Also, the possibilities of spoofing, sniffing, and/or packet injection seem real too.
I’ve been in this industry for 20-some years, and not a single system I’ve ever seen operates like that.
CAN over IP does not exist in vehicles. IP over CAN doesn’t exist at all. UDS over IP does, but this is automotive Ethernet and an entirely different discussion.
I know the receivers are often in a vulnerable position. But on my 2008-era car, the code I've seen for SDR decoding is a broadcast MAC, pressure and a temp value.