Hackers hacked into electric scooters. But there will be mor

Hackers hacked into electric scooters. But there will be mor

February 19, 2019 0 By autotimesnews

The American-Israeli company Zimperium Labs presented yet another proof of the vulnerability of all electronic devices. This time, the example of the electric scooter of the Chinese company Xiaomi.

The Internet of Things (IoT) is the concept of a network of physical objects (“things”) equipped with embedded technologies for interacting with each other or with the external environment. The number of IoT devices is constantly growing, and this brings new opportunities and new risks to the world. In the American-Israeli company Zimperium (dealing with computer security problems), it is noted that absolutely all connected devices, be it a “smart” house, gadgets, electric scooters, etc., can be exposed to intruders.

This is well demonstrated in the video. At the intersection, the green light comes on, people on the electric scooters cross the road, and only one owner cannot cope with his vehicle: it spontaneously slows down, and as a result it has to be manually dragged across the road.

Video released for educational purposes and evaluation by researchers and should not be used as a guide to action, says the official website of the company Zimperium. In addition, it was published only after the transfer of this information to Xiaomi company itself, which thanked the programmers and is already working to eliminate this vulnerability.

Xiaomi scooters occupy a significant share of the Chinese market for this type of equipment. To control the scooter, the host uses a Bluetooth connection, which allows him to interact with the vehicle to activate several functions, such as connecting an anti-theft system, cruise control and eco-mode, and firmware updates. To access these functions, the user uses a special application. Each device is protected by its unique password, which can be changed by the user. However, programmers found out that the password can be bypassed and all commands can be executed without it.

The video demonstrates how a programmer is blocking the Xiaomi M365 using a malicious application, disabling it using the anti-theft scooter protection feature – without authentication or user consent.

Malicious application can give a command and block any nearby scooter of this brand at a distance of up to 100 meters from the hacker. The attack can be of different properties – the electric scooter can be forced to suddenly slow down or accelerate, in addition, it can install a new firmware on it and thus gain complete control over the vehicle.