E-scooters are already populating the streets of many large cities. But while some are concerned about the dangers of being hit by such a scooter, there is another, more hi-tech hazard lurking.
A video published by the security company Zimperium shows the problem. With it, the researchers want to warn of a critical bug in Xiaomi's popular M365 electric scooter, which is also used by rental companies such as Lyft or Bird. The bug allows remote attackers to take control of the scooter and then influence critical functions such as acceleration and deceleration.
The experts make use of the software structure of the e-scooter. It consists of three components: battery management, the firmware for communication between software and hardware, and a Bluetooth module. Through the latter, owners can "communicate" with the Xiaomi M365 from their smartphone.
Rani Idan, Zimperium's Director of Software Research, found out that you could connect to the scooter without being asked for a password or any other authentication. Afterwards, new software can be installed in a few seconds, and the scooter does not check whether it officially comes from the manufacturer. This means that attackers can easily install malware and gain full control over the scooter.
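The two checks described above as missing, authentication of the Bluetooth peer and verification that the firmware comes from the manufacturer, are shown here as an added example (not code from Zimperium, Xiaomi or the original article). The image layout, function names and key are assumptions; HMAC-SHA256 stands in for a vendor signature, where a real design would use an asymmetric signature so that the scooter stores only a public key.

```python
import hashlib
import hmac
import struct

# Constructed image layout (an assumption, not Xiaomi's real format):
#   4-byte magic | 4-byte big-endian payload length | payload | 32-byte tag
# HMAC-SHA256 stands in for a vendor signature so this runs on the stdlib alone.
MAGIC = b"FWUP"
HEADER = struct.Struct(">4sI")
TAG_LEN = hashlib.sha256().digest_size

class UpdateRejected(Exception):
    """Raised when an update request fails a check; nothing is flashed."""

def sign_image(payload: bytes, vendor_key: bytes) -> bytes:
    """Vendor side: wrap the payload and append a tag over header + payload."""
    body = HEADER.pack(MAGIC, len(payload)) + payload
    return body + hmac.new(vendor_key, body, hashlib.sha256).digest()

def accept_update(image: bytes, session_authenticated: bool, vendor_key: bytes) -> bytes:
    """Scooter side: return the payload to flash only if every check passes."""
    # Check 1: the Bluetooth peer must have authenticated before any write.
    if not session_authenticated:
        raise UpdateRejected("unauthenticated session")
    if len(image) < HEADER.size + TAG_LEN:
        raise UpdateRejected("image too short")
    body, tag = image[:-TAG_LEN], image[-TAG_LEN:]
    # Check 2: verify origin before trusting any field inside the image.
    expected = hmac.new(vendor_key, body, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise UpdateRejected("bad vendor tag")
    magic, length = HEADER.unpack_from(body)
    if magic != MAGIC or length != len(body) - HEADER.size:
        raise UpdateRejected("malformed header")
    return body[HEADER.size:]

def try_update(image: bytes, session_authenticated: bool, vendor_key: bytes) -> str:
    """Report the outcome as a string instead of raising."""
    try:
        accept_update(image, session_authenticated, vendor_key)
        return "accepted"
    except UpdateRejected as exc:
        return f"rejected: {exc}"

if __name__ == "__main__":
    key = b"constructed-demo-key"  # constructed sample value
    good = sign_image(b"constructed firmware payload", key)
    print(try_update(good, True, key))
    print(try_update(good, False, key))
```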
Bug cannot be fixed (currently)
Worse scenarios are conceivable here, in which users of the e-scooter are "steered" into moving traffic or suddenly slowed down. Of course, with such a scooter, it is easier to jump off in order to prevent worse things from happening. But it is possible that you will not react quickly enough because of the surprise, or that the sudden jump-off will itself cause an accident.
As if that weren't already frightening enough, there is also Xiaomi's statement on the subject. According to Zimperium, they informed Xiaomi about the problem and were told that Xiaomi was already aware of it, but that it cannot solve it at this time. The reason for this might be that the manufacturer gets the Bluetooth interface from a third party and does not program it itself.
E-scooters are on the rise, so is the risk
It is not the first time that one of the so-called electric light vehicles has turned out to be hackable. In 2017, researchers found a critical vulnerability in the Segway MiniPro hoverboards. And it will certainly not be the last oversight that creeps into the vehicles.
That's scary, especially with the future in mind. The small e-scooters are on the rise, and it won't be long before, for example, small manufacturers push their way onto the market with half-baked, quickly assembled software and pose a potential risk. There is an urgent need for guidelines to be laid down to ensure greater safety!
Do you use e-scooters?