Hackers Can Access Your Electric Scooter While You’re Riding It

A team of security researchers found a flaw in Xiaomi's M365 electric scooter. They were able to remotely control a scooter in a matter of hours.

Remote Control

If you see people on electric scooters wildly accelerating and braking, it might not only be because of the usual electric scooter nonsense.

That’s because a newly-discovered security flaw in a particular scooter’s software can be exploited by hackers who can remotely accelerate or brake someone else’s scooter, according to WIRED. It’s a finding that highlights the fraught landscape of advanced transportation.

Disrupting Safety

The scooter in question is Xiaomi’s M365. A team of security researchers from a company called Zimperium were able to find and exploit the security flaw in a matter of hours.

“I was able to control any of the scooter features without authentication and install malicious firmware,” Rani Idan, director of software research at Zimperium, told Wired. “An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine.”

Plunder and Pillage

The problem comes down to the Bluetooth-enabled connection between scooter and smartphone app. The security researchers found that they could connect to an M365 scooter without even being prompted for a password. From there, they could inject their own malware — disguised as an official update from Xiaomi — into the scooter’s code that granted them total control over the scooter’s hardware.

“You would probably think those devices would implement the best security protections possible,” Idan told Wired. “But unfortunately that is not always the case.”


More on scooters: Lime Recalled Thousands of Scooters Because They Were Catching Fire

The post Hackers Can Access Your Electric Scooter While You’re Riding It appeared first on Futurism.

Go to Source