Popular Articles
Today Week Month Year


Scooter riders beware – Hackers can remotely accelerate or brake popular electric models
By Lance D Johanson // May 31, 2019

A popular electric scooter model manufactured in China can be remotely hacked and locked down. According to a “proof of concept” test by security research firm Zimperium, these electric scooters can be remotely accessed and controlled. Hackers can remotely accelerate the scooter or cause it to hit the brakes, putting the rider at risk of sudden injury or death. The electric scooter is called the Xiaomi M365 and it’s currently being used with dockless, ride sharing services in cities throughout the U.S.

Brighteon.TV

Zimperium found the flaw in the scooter’s Bluetooth module. Because the scooter was designed to allow users to remotely lock it on the Bluetooth app, the scooter is ultimately vulnerable to outside hacks, including remote control interference that can stop the scooters mid-ride. Zimperium demonstrated the hack by targeting random Xiaomi M365s on the street. The security experts were able to control the scooters up to 328 feet away, sending commands to the scooter while unsuspecting people were riding them. Hidden in the crowd, the security experts could take control over a scooter, slow it down, lock it down, or force it to accelerate.

Popular electric scooters vulnerable to dangerous hacks

Malicious hackers could theoretically target anyone they want, throwing unsuspecting riders into traffic or putting them in risky situations. Hackers could use a Denial of Service (DoS) attack to remotely lock any M365 scooter, stranding riders and causing large scale problems. Taking it a step further, hackers could even initiate a malware attack and install new firmware that would enable the hacker to take full control of the scooter while someone is riding it. Hackers can do this all right on the Bluetooth app, without password authentication, and they can do it hands-free. In fact, the security firm was able to quickly install unauthorized software, taking full control over the scooter. They were able to use all the features without the need for authentication.

People are already taking advantage of the technological vulnerability. A cheap Chinese hacking kit is reportedly being sold on the black market. The kit enables hackers to disable recovery and payment features set up by ride sharing services. In this way, the scooter can be stolen from the ride-sharing service.

The Xiaomi M365 is manufactured in China by Segway-Ninebot. This company is already dealing with defective scooter batteries that randomly burst into flames. Some of these defective scooters have been removed from the market, but the M365 is still a popular model used throughout the U.S. Ride-sharing companies such as Bird have known about the scooter's hacking vulnerabilities for over a year and have removed implicated scooters from their fleet. However, this problem could reoccur down the road if hackers continue to exploit the vulnerabilities in the wireless technology. Xiaomi scooters are sometimes rebranded and sold under different names, too, so the risk of being hacked while riding an electric scooter still remains.

According to Rani Idan, security researcher and director of platforms at Zimperium, the risk is there for “any ride-sharing service that uses Xiaomi scooters” that “didn’t disable or replace Xiaomi’s Bluetooth module.” Idan warns, “Xiaomi scooters are rebranded and sold under different names, [and] those might be affected.”

For more on technological vulnerabilities, visit CyberWar.News.

Sources include:

Dailymail.co.uk

TheVerge.com

TheVerge.com



Take Action:
Support NewsTarget by linking to this article from your website.
Permalink to this article:
Copy
Embed article link:
Copy
Reprinting this article:
Non-commercial use is permitted with credit to NewsTarget.com (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.

NewsTarget.com © 2022 All Rights Reserved. All content posted on this site is commentary or opinion and is protected under Free Speech. NewsTarget.com is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. NewsTarget.com assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published on this site. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
News Target uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Close
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.