MakeShift: Security analysis of Shimano Di2 wireless gear shifting (2024)
usenix.org | 31 points by motorest 4 days ago
Hahaha -- can't wait until someone figures out how to hack SRAM's wireless seatpost dropper[1].
(2024) Past articles noted Shimano patched it (pro teams) or will (everyone else) that year
Related: Want to Win a Bike Race? Hack Your Rival's Wireless Shifters (19 points, 2024, 14 comments) https://news.ycombinator.com/item?id=41253198
The researcher's purported threat model mainly consists of professional bike racing.
Basic trolling is not precluded, or perhaps a targeted attack on an individual person.
Wireless gear shifters? What was wrong with a cable? Even if you don't want it to be a mechanical connection, you could still at least send data over that instead of wirelessly...
Not needing to route cables (or wires) along and/or through the bike frame is a huge improvement. Anecdotally, everyone I know that has adopted Di2 seems to love it. The cost of these systems is negligible for the type of buyer who is shopping for high-end groupsets.
Counterpoint - the benefits of wireless are there but the worry of your unit dying in the middle of a ride now replaces the concern of whether your derailleur is tuned and ready to go. It's easy for a shop to assemble, but now I'm worried about shorting the control unit of my di2 which would be a pricey fix. I have two bikes: one with and one without di2. Both work just as well and one costs much more.
I do love disc brakes though.
Honestly, routing the cables through the headset introduces so many tight bends, I suspect you'll get better long-term reliability with wireless. Plus, there are no connections to make waterproof aside from the battery.
You will need to take it apart any time you need to change the tube... "no connections" is a fantasy.
I've never seen anything wireless being more reliable than a mechanical analog. Anecdotally, I moved into a house that had a bunch of this wireless garbage: wireless thermostat, wireless doorbell, wireless light over the backyard gate. All this garbage is dead and dysfunctional in just a little over two years.
Which tube are you talking about?
I agree with you that all this electronic stuff is doomed for the dumpster, but I suspect that in this highly specific situation, it prevents wires from getting chafed through and failing. And let's be serious: for the time being the people buying wireless electronic groupsets are replacing them every couple years when something sexier comes out. If it makes it three-five years, it'll be long enough.
We agree that there will be no present day equivalent of all the beautiful old Campy Record in the used bike shops of 30 years from now. All this shit will be long since busted.
You're talking about charging... monthly? With a system that gives clear warnings early that you're low on battery?
I'm already charging my GPS, headphones, bike lights, etc. regularly. This has been an absolute non-issue to me.
If the battery lasted for 100 miles, sure. But I'm getting ~1000 miles a charge.
My Di2 is wired internally but can communicate wirelessly, which I really like. One charger and one battery for everything.
Shifting is faster and more precise, with no need for readjustments. It also eliminates a lot of cabling, which makes it look cleaner and simplifies the setup.
A wireless (electronic) device simplifies the setup? What kind of insane fantasy is this? Will you really be able to fix your broken wireless gear box in field conditions? This is the proof of simplicity, not some superficial observation that you make about the amount of cables.
The answer is YES, and this type of shifter is a favorite among mountain bikers whose reliability needs and "field conditions" are already much more challenging than your average biker.
There are plenty of examples of situations where a wireless setup simplifies things.
I used to put wired speed/cadence sensors on my bike. Now I just zip tied two BLE gyros to the wheel and crank and things are vastly simpler. I've had them there for years and still haven't changed the battery. I've also never tangled the cables or had to fiddle with the mounts for a magnetic sensor.
It simplifies installation and getting a reliable, comfortable shifting setup, yes. Installation is simplified, especially in the case of internal and headset routing, which is something the target audience would deal with in case of cable-actuated derailleurs. Changes requiring adjustments over time due to the cable wearing out or stretching are eliminated, simplifying maintenance, both during and in between rides. On drivetrains with front and rear derailleurs, it has an optional adjustable algorithm that shifts both together for you and chooses the best gear combinations as you press up and down, simplifying operations. Auto-shifting is available on some models. There are more possibilities to put the shift buttons in the most ergonomic place, or even put them in more than one place, simplifying setting up your bike for comfort. That it doesn't simplify fixing your derailleur in the middle of a ride doesn't negate all of its benefits. Yes, the radio or battery could fail, but on the other hand it is less prone to go out of adjustment.
Also it has one killer feature and everyone that tries one also raves about how well it works. You know those little ramps stamped into the side of the sprockets on a cassette, that the chain moves up and down on as you change gears? Di2 delays your shift precisely until the start of a ramp, which makes shifting faster and works much better under load. That crunch and possible stuck chain when you shift to start a climb is basically eliminated.
Is it something a bikepacker will choose? Probably not. Is it something attractive to many other types of cyclists and simpler to install, use and maintain in ways they care about? Yes. I'm a weekend mountain bike rider, not at all competitive. I personally won't get one because of the cost but the features are quite attractive to me, while the risk and consequence of a dead battery seem low. There are many, many other things that are more likely to break during a ride, many of which will have you walking back. A dead Di2 battery means you are stuck in one gear, and if your chain has a master link or you carry a chain tool (target demographic definitely has one or both) you can change the gear in 2 minutes.
I thought of an analogy for HN. Think about water cooling in a gaming PC instead of using the stock CPU cooler. It's more expensive, but generally higher performing and quieter and arguably looks cool. There's a certain demographic who thinks they are stupid because they must have extra parts which are difficult to install and must be less reliable, and they may have one horrible failure mode of leaking liquid inside your PC. They might give the example of a mission critical server, and be right for this use case that it's not a good idea, at least at the scale of one machine. There's another demographic who don't think twice about buying them because the positives easily outweigh the negatives for them. This group can sometimes be seen telling the other group that they are out of date on it being difficult to install (you can even buy a case with it pre-installed) and reliability (modern all-in-ones almost never leak). They will most likely concede that for a mission critical server it's not the correct product.
In cycling looking good is half the battle. Eliminating all the cables (except brake lines) looks way cleaner and therefore faster and cooler.
Besides what others have answered, you already have a lot of wireless connections on a race bike: to the sensors measuring speed, cadence, watts, and possibly stuff like rear traffic radar, gear selection, etc.
It all integrates with an unwired bike computer, so wireless shifters make fine sense in the system.
Recording telemetry is different from something which directly impacts operation.
What ever happened to measuring speed, cadence and pedal force using your body and mind?
Well speed is something a large portion of cyclists have always wanted. Adding a cycle computer or even a mechanical speedometer in earlier times was always popular. Now GPS units and smartphone mounts, or just logging your ride in an app using your phone or smartwatch are popular.
Cadence and pedal force are very useful for training and competition (organised or the self-improvement kind), so pretty much for the same cyclists that would also want wireless shifting.
> What ever happened to measuring speed, cadence and pedal force using your body and mind?
How do you export a time series of that?
We can do that. (I barely “measure” in the sense that I’m lazy and just pedal slowly, haha).
But there’s a well established community of really hardcore bicycle hobbyists. The folks paying a couple thousand dollars for shifters want fancy stuff. Some want graphs and numbers. shrug
It's much easier to maintain, as headsets have become integrated it's become harder and harder to work with anything that runs from the brake levers through the frame.
In terms of maintenance, most cyclists would benefit more from internal gear hubs and carbon belts. From a product development POV, seems better to make auto shifting IGHs. Indeed this is how share bikes are designed.
Yes, but for racing bikes, which are the target market for wireless shifting in 2025, the efficiency losses of an internal hub are a non-starter.
The casuals whose bikes haven't seen a wrench since they were assembled aren't buying wireless groupsets. For them: we're in agreement about belts and internally geared hubs.
Automatic shifting has yet to prove itself to be more than a curiosity. A 20-something year old Autobike came into the shop I was wrenching in. It still worked shockingly well for being covered in rust. In good shape it would be an entirely adequate solution, if only it solved a problem anyone had.
My money is on e-bikes entirely supplanting any demand there may have ever been for automatic shifting on a bicycle. The motors have enough oomph that they make a lot of shifts unnecessary if you're not looking to maximize speed/battery life/whatever.
> In good shape it would be an entirely adequate solution, if only it solved a problem anyone had.
I cannot understate how big of a problem shifting is for the demographics you are not seeing on bicycles.
The complete market failure of the Autobike suggests that the demographic of people not on bikes who would ride if they didn't have to shift is either not that large or wasn't reached by their marketing.
This was literally the only one I've ever seen. And I volunteered for a year and a half at a community bike shop that was infamous for attracting oddities and evolutionary dead-ends. For instance: a side-by-side bicycle built for two. If there were a gazillion Autobikes out there, we'd have seen a couple. People simply didn't buy them.
1x setups have negated a lot of this. My wife does not enjoy bicycling and we got her a cruiser, it is very simple for her to understand "click up for harder, click down for easier".
That's long-term maintenance for commuters and casual riders. This product is for competitive and serious riders, and it reduces another type of maintenance (setting up and maintaining their bike for high performance).
I’d take a wireless dropper post so I don’t have to mess with cabling.
I'm also thinking of one. They exist and allow greater extension for the overall length and/or greater nominal adjustment compared to internally routed ones because no space is required for the cable. This space is significant once you consider minimum bend radius.
Racing cyclist: can I spend some money and save 2 grams of weight?
Touring cyclist: can I patch this with some duct tape and a radio antenna I ripped off a car?
I was on a tour recently with a guy who brought a racing bike with rear-only panniers that probably weighed 2-3x the whole rest of the bike. He really struggled with the balance.
There is electronic shifting over cable too.
Electronic shifting in general is far better than cable both in terms of performance and maintenance.
Bizarrely Shimano has been very slow to adopt wireless, even as the radio chips must be much cheaper than all the custom cable assemblies (and you can sell it for more!)
I'm with you on this!
Here's a bit of a marginally related rant.
So, I moved to the Netherlands about four years ago. Of course I needed a bike. Since I was a child, I always fixed my bike if there was a problem. I've replaced punctured tubes countless times.
Yet, in the Netherlands, I discovered that on the local bikes the gear box is a lot more complex... and you need to disassemble it in order to remove the back wheel (if you want to replace the tube). It doesn't have that many moving parts, but it's really not made with an eye for easy assembly and disassembly. Not in the field conditions. And the first time I discovered it, to my shame, I ended up pushing my bike to the bike shop to have the tube replaced. I felt like I was telling the shop owner that I peed my pants when I had to ask him to do something that should've been trivial for an adult.
I can't imagine using a wireless gear box. I'll never get on this kind of bike. Some kind of interference and you lose control of the bike? Broken far away from home: push it for hours? This thing probably needs a battery... Is it waterproof? This is such an unimaginably bad idea...
By gear box do you mean the covered system between the bottom bracket/cranks and the rear wheel? Dutch commuter bikes are usually one speed and that system keeps grime out of the chain and keeps your pants clean. It is indeed a PITA to remove the rear wheel on these bikes (especially the first time), although you can often patch a tube in situ without removing it completely.
This product does not replace that system. It is for very high-end bikes with owners. These bikes still have a chain that runs front to rear, it only replaces the derailleurs. If it fails or the battery dies, you're stuck in one gear but you don't have to push your bike. And you can manually change gears if you really need to. Yes it has a battery, yes it's waterproof.
To me, it's night and day.
Cables stretch, need replacement (yearly or every 2 in my case), and mechanical shifting requires more effort.
Di2 is literally 'mouse click' with little electric components that _instantly_ shift. Maintenance is reduced, the shifting is notably smoother, and adjustments are a breeze.
IMO the "but my shifters could die" crowd overblow the concerns. I charge my bike _once a month_ and that's being conservative. I already have to charge my GPS unit, my lights, etc. so remembering to plug my bike in is a non-concern.
Anecdotally, most folks I know who don't like electronic shifting haven't actually used it. The major downside is that it's expensive, as are all road bike components.
All this tech, just to recover the speed and smoothness of friction shifters from 30 years ago.
Friction shifters suck really bad, if you ride your bike more than once a month. Having to feel out the right shift point, adjusting front derailleur trim, remembering where you are in the gearing so you can avoid cross-chaining, having things shift slightly differently as your cable stretches over time, all of it sucked. I know the retrogrouch nostalgia goggles are an entire market sector in cycling, but 100% of the time people who spend a lot of time on bicycles prefer electronic shifting in practice. I'm old enough to have had friction shifters on my downtube, and I'm not going back.
I'm old enough to ride with downtube shifters too, have for close to 20 years, do so roughly every day including for the past several years in a hilly city where I shift a lot, and I could not stand the brief stint (~year) I did with slow, unwieldy brake-lever shifters. I had to adjust those way more often and more precisely than I adjust my friction shifters, too.
I was never sold on those shifters either. Mechanically indexed shifting in general never really was fantastic enough to justify all the additional finicky fine-tuning required for it to work well. But electric shifting is a whole separate ballpark; it's self-adjusting, prevents cross-chaining, etc. It's set and forget except charging it every few weeks.
It's like the difference between carburetors and modern fuel injection. Some people like to spend all their time playing with jets; I'd rather be driving the car.
I've always wondered what happens if you are in a big pack with these kinds of devices.
There's no stepping on each other's signal? Error-correction?
Garmin is ending ANT+ because it's not encrypted and Europe won't allow that anymore, but it would be fascinating to do an ANT+ capture next to a marathon of 50,000 people: how does it deal with all that signal noise (BLE is on the same frequency)?
Is that really why it's going away? I just sort of figured that BLE chipsets had gotten so cheap these days that it was more economical. Can't see why you'd care about encrypted data for something which you could measure pretty trivially via other means, if you were close enough to pick up the signal.
Technically that stuff is health data (especially the heart-rate, o2 levels, etc) so it's probably just not worth trying to fix the protocols.