Healey, who works on security for payments company Stripe, teamed up with fellow researcher Mike Ryan, who works on security for E-Bay, to examine his and other electric skateboards to see if they could be hacked. The result is an exploit they developed called FacePlant that can give them complete control of someone's digital board.
"[The attack] is basically a synthetic version of the same RF noise [at that intersection in Melbourne]," he says, and allows them to cold stop a board or send it flying in reverse, tossing the rider in either case.
They plan to present their findings Saturday at the Def Con hacker conference in Las Vegas.
takyon: The researchers tested three skateboards and found vulnerabilities in each. They completed an exploit for a $1500 American-made "Boosted" board, and are working on an exploit for a $700 board called E-Go made by China-based firm Yuneec.
(Score: 2) by pkrasimirov on Tuesday August 04 2015, @07:14PM
I remember Jimi Heselden [wikipedia.org] falling off a cliff while riding his Segway.
(Score: 3, Touché) by acid andy on Tuesday August 04 2015, @07:24PM
I see how the TFA gave you a good segue into that comment.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 2) by acid andy on Tuesday August 04 2015, @07:30PM
I just read about what actually happened and realise my sibling comment may appear in bad taste.
RIP Jimi.
If a cat has kittens, does a rat have rittens, a bat bittens and a mat mittens?
(Score: 3, Informative) by VLM on Tuesday August 04 2015, @07:34PM
The story changes from headline to more details.
They found at least one critical vulnerability in each board, all of which hinge on the fact that the manufacturers of the boards failed to encrypt the communication between the remotes and the boards.
This is along the lines of the "hack" where you can go to any makerfaire type event with an xbee or whatever its called board, and pair up and F around with other peoples stuff (often quite accidentally)
There are several classes of owning or hacking a skateboard. Another one is I'm licensed to transmit 1500 watts in the 2.4 GHz ham radio band, although I don't own gear of that level at this time. Another would be reprogramming the firmware over the internet or wtf.
It should be simple enough to avoid this particular "hack" by just using a wired controller or an even slightly secured bluetooth.
Something interesting to think about is I use plain old unsecured BT RFCOMM to connect my android phone/tablet running Torque to a bluetooth no-name ODB-II reader for my car(s) and it works quite well but its amusing to think of my unsecured ODB-II reader connecting to some kids skateboard or some kids skateboard connecting to my ODB-II application. Just good luck some kid has never rolled by while I'm screwing around with a car.
(Score: 3, Informative) by PinkyGigglebrain on Tuesday August 04 2015, @07:42PM
An electric skateboard?
Just when I think I have heard the ultimate in laziness something else comes along..
And even better, a hackable electric skateboard.
Admittedly I can see how securing a skateboard against a cyber attack would not occur to most people who would build one But I can totally see how trying to hack one would appeal to a true Hacker.
"Beware those who would deny you Knowledge, For in their hearts they dream themselves your Master."
(Score: 3, Funny) by carguy on Tuesday August 04 2015, @10:18PM
http://xkcd.com/139/ [xkcd.com]
"I Have Owned Two Electric Skateboards"
(Score: 3, Insightful) by Techwolf on Tuesday August 04 2015, @07:57PM
They should have created a box that has a "faceplant" button and sold them to busness owners and pedisterions to handle the rude kids on them.
(Score: 3, Funny) by Celestial on Tuesday August 04 2015, @08:15PM
(Score: 2) by wonkey_monkey on Tuesday August 04 2015, @09:16PM
[The attack] is basically a synthetic version of the same RF noise [at that intersection in Melbourne]
The missing information is from the opening paragraphs of the article:
Richo Healey was riding his electric skateboard toward an intersection in Melbourne, Australia, last year when suddenly the board cold-stopped beneath him and tossed him to the street. He couldn’t control the board and couldn’t figure out what was wrong. There was no obvious mechanical defect, so being a computer security engineer, his mind naturally flew to other scenarios: could he have been hacked?
It didn’t take long to determine that Bluetooth noise in the neighborhood was the likely culprit.
Also from the article:
a nearby attacker can easily insert himself
Eww.
systemd is Roko's Basilisk
(Score: 2, Informative) by LowSpeedHighDrag on Tuesday August 04 2015, @11:58PM
I have a Metroboard and it actually uses an IR remote. The board originally came with a bluetooth remote that was prone to occasional drop outs. (Not a huge deal, but annoying, the board just shuts off the motor and coasts to a stop when the connection is dropped.) Newer models changed to IR which I upgraded to and is very reliable. The IR requires a clear line of sight so it would be pretty difficult to physically get a hacked IR signal aimed at the board sensor for any length or time (which points straight up) while I'm riding by.
As another poster noted: A wired controller wouldn't really be very hard or much of a problem riding. I'd just have a reinforced cord tether and a plug that would safely pull out with a hard pull.
(Score: 0) by Anonymous Coward on Wednesday August 05 2015, @03:03AM
Its a named exploit. Its going to be big!