SoylentNews is people

posted by martyb on Wednesday February 13 2019, @12:56PM
from the just-another-vulnerable-IoT-device dept.

Xiaomi's popular M365 Folding Electric Scooter is remotely hackable via Bluetooth, according to security firm Zimperium.

Due to improper validation of password at the scooter's end, a remote attacker, up to 100 meters away, could send unauthenticated commands over Bluetooth to a targeted vehicle without requiring the user-defined password.

This allows an unauthenticated attacker nearby to carry out the following attacks:

Locking Scooters—A sort of a denial-of-service attack, wherein an attacker can suddenly lock any M365 scooter in the middle of the traffic.
Deploying Malware—Since the app allows riders to upgrade scooter's firmware remotely, an attacker can also push malicious firmware to take full control over the scooter.
Targeted Attack [Brake/Accelerate]—Remote attackers can even target an individual rider and cause the scooter to suddenly brake or accelerate.

A video is embedded showing a rider's scooter being disabled by a bystander.

Fortunately I still have my skateboard...and better health insurance than I used to.


This discussion has been archived. No new comments can be posted.
  • (Score: 2) by bob_super (1357) on Wednesday February 13 2019, @06:21PM (#800680)

    If everybody who hates the scooters walks around with an app that disables them within bluetooth radius, it won't take long for them to vanish from the streets.
