Electric scooters popular with ridesharing services can be hacked to speed up or brake suddenly




An electric scooter popular with dockless ridesharing services can be made to accelerate or brake suddenly mid-ride through a flaw in the device's Bluetooth module, security research firm Zimperium reported Tuesday.

In a video released today, Zimperium researchers demonstrated their proof of concept against the popular Xiaomi M365 scooter. The scooter is designed to let users lock it remotely through a Bluetooth-enabled app, to prevent anyone from riding it.

Using the hack, Zimperium was able to target any Xiaomi M365 passing by, locking the device or forcing it to accelerate and brake, without physical access to the scooter. The researchers could issue commands to any scooter up to 100 meters away.

The security flaw could be used by malicious hackers to carry out a number of attacks. A denial-of-service (DoS) attack can be used to remotely lock any M365 scooter, while a malware attack can be used to install new firmware that takes complete control of the scooter. Hackers could also target an individual rider and cause the scooter to brake or accelerate.

Zimperium reportedly disclosed the vulnerability to Xiaomi, which has not yet updated its software. But a spokesman for the Chinese company said Zimperium did not use Xiaomi's security reporting tool. A Zimperium spokesperson provided a copy of the official report filed on the Xiaomi Security Portal, in which the company calls the bug "a known problem internally".

The Xiaomi M365, manufactured by the Chinese company Segway-Ninebot, is one of the most popular models among American ridesharing companies, such as Bird and Lime. A Bird spokesman said its scooters were not affected by the bug, which has been known for more than a year. A spokesman for Lime did not respond to a request for comment. In October, Lime removed an undisclosed number of Segway-Ninebot scooters from its fleet over fears of battery fires.

It is unclear how many Xiaomi M365 scooters are currently used by US ridesharing companies, but most of them use the model in their fleets, alongside the Segway ES model.

"This could have an impact on any carpool service using Xiaomi scooters but not disabling or replacing the Xiaomi Bluetooth module," said Rani Idan, security researcher and platform manager at Zimperium, in an email. "In addition, Xiaomi scooters are renamed and sold under different names, these could be affected."

This is not the first security flaw discovered in the fast-growing electric scooter market. Bird was caught up in a controversy over a story about $30 kits for hacking its scooters. The kits, shipped from China, are essentially a plug-and-play way of disabling Bird's recovery and payment features to turn the scooter into your own.
