Stories
Slash Boxes
Comments

SoylentNews is people

posted by takyon on Tuesday August 04 2015, @07:00PM   Printer-friendly
from the hacked-board dept.

Healey, who works on security for payments company Stripe, teamed up with fellow researcher Mike Ryan, who works on security for E-Bay, to examine his and other electric skateboards to see if they could be hacked. The result is an exploit they developed called FacePlant that can give them complete control of someone's digital board.

"[The attack] is basically a synthetic version of the same RF noise [at that intersection in Melbourne]," he says, and allows them to cold stop a board or send it flying in reverse, tossing the rider in either case.

They plan to present their findings Saturday at the Def Con hacker conference in Las Vegas.

takyon: The researchers tested three skateboards and found vulnerabilities in each. They completed an exploit for a $1500 American-made "Boosted" board, and are working on an exploit for a $700 board called E-Go made by China-based firm Yuneec.


Original Submission

 
This discussion has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 3, Informative) by VLM on Tuesday August 04 2015, @07:34PM

    by VLM (445) Subscriber Badge on Tuesday August 04 2015, @07:34PM (#218052)

    The story changes from headline to more details.

    They found at least one critical vulnerability in each board, all of which hinge on the fact that the manufacturers of the boards failed to encrypt the communication between the remotes and the boards.

    This is along the lines of the "hack" where you can go to any makerfaire type event with an xbee or whatever its called board, and pair up and F around with other peoples stuff (often quite accidentally)

    There are several classes of owning or hacking a skateboard. Another one is I'm licensed to transmit 1500 watts in the 2.4 GHz ham radio band, although I don't own gear of that level at this time. Another would be reprogramming the firmware over the internet or wtf.

    It should be simple enough to avoid this particular "hack" by just using a wired controller or an even slightly secured bluetooth.

    Something interesting to think about is I use plain old unsecured BT RFCOMM to connect my android phone/tablet running Torque to a bluetooth no-name ODB-II reader for my car(s) and it works quite well but its amusing to think of my unsecured ODB-II reader connecting to some kids skateboard or some kids skateboard connecting to my ODB-II application. Just good luck some kid has never rolled by while I'm screwing around with a car.

    Starting Score:    1  point
    Moderation   +1  
       Informative=1, Total=1
    Extra 'Informative' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   3