Modern vehicles are equipped with vehicular sensors for smart navigation, vehicle state awareness, and other intelligent operations. Despite the previous belief that the sensor operations stay within a vehicle, as it is designed to be, we study information leakage through the tire pressure monitoring system (TPMS) sensors and the corresponding privacy breach. We demonstrate that, using a low-cost and off-the-shelf software defined radio (SDR), an unauthorized attacker can track uniquely-identifiable sensor IDs up to 40 meters away from the vehicle. To address the issue and protect vehicular privacy, we also propose an effective and lightweight TPMS ID randomization scheme and analyze its security and the implementation costs.