from the just-another-vulnerable-IoT-device dept.
Xiaomi's popular M365 Folding Electric Scooter is remotely hackable via bluetooth according to security firm Zimperium.
due to improper validation of password at the scooter's end, a remote attacker, up to 100 meters away, could send unauthenticated commands over Bluetooth to a targeted vehicle without requiring the user-defined password.
This allows an unauthenticated attacker nearby to
Locking Scooters—A sort of a denial-of-service attack, wherein an attacker can suddenly lock any M365 scooter in the middle of the traffic.
Deploying Malware—Since the app allows riders to upgrade scooter's firmware remotely, an attacker can also push malicious firmware to take full control over the scooter.
Targeted Attack [Brake/Accelerate]—Remote attackers can even target an individual rider and cause the scooter to suddenly brake or accelerate.
A video is embedded showing a rider's scooter being disabled by a bystander.
Fortunately I still have my skateboard...and better health insurance than I used to.
(Score: 4, Interesting) by FatPhil on Wednesday February 13 2019, @01:13PM (3 children)
Great minds discuss ideas; average minds discuss events; small minds discuss people; the smallest discuss themselves
(Score: 0) by Anonymous Coward on Wednesday February 13 2019, @02:45PM (2 children)
'full control of the scooter'
I for one, welcome our new AI scooter overlords. May they clog the traffic of others too lazy to pedal.
(Score: 0) by Anonymous Coward on Wednesday February 13 2019, @04:34PM (1 child)
I see those scooters being ditched all over the place. I welcome anyone to hack those pieces of shit and make them their own, instead of them being impounded by police (which is cheaper to recover than hiring people to collect them). There's cheap kits on ebay to do that.
(Score: 2) by bob_super on Wednesday February 13 2019, @06:21PM
If everybody who hates the scooters walks around with an app that disables them within bluetooth radius, it won't take long for them to vanish from the streets.
(Score: 0) by Anonymous Coward on Wednesday February 13 2019, @06:59PM
Of course we still have laws that protect consumers if a vehicle is a hazard to the user or others, forcing the importer to recall or fix the vehicle, right???
(Score: 2) by PartTimeZombie on Wednesday February 13 2019, @07:46PM
Xiaomi recently opened one of their "Mi-Stores" in a mall near me, and it is incredibly half-arsed.
There are a bunch of their products looking lovely laid out on tables, and about half of them have a price on them at any given time.
They had one of their scooters last time I walked past, so I went to have a look, and it was lent up against a wall in the corner, with no indication of how it worked or how much it cost.
When I could get the attention of a staff member she told me "Oh, those are not available yet". I asked why they would have it out on the floor then, but she didn't know.
It is almost like they don't know what they're doing.