

kingdragonfly


#245652 14-Feb-2019 20:00

Another reason to hate scooters

https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/

Don’t Give Me a Brake – Xiaomi Scooter Hack Enables Dangerous Accelerations and Stops for Unsuspecting Riders

"The rise of IoT devices brings with it a world of new opportunities and convenience, and unfortunately, serious risk. These risks can be found in your smart home, network devices, and even right under your feet – electric scooters, the new urban way to commute all over the world.

This is why Zimperium takes IoT security seriously, and why we are working closely with vendors and manufacturers alike to increase security on IoT.

As part of our IoT research in Zimperium’s zLabs team, we looked at the Xiaomi M365 electric scooter and put it under our scope.

Xiaomi’s scooter has a significant market share and is being used by different brands with some modifications. Bluetooth communication is utilized to manage the scooter.

The Bluetooth access allows the user to interact with the scooter for multiple features such as an Anti-Theft System, Cruise-Control, Eco Mode and updating the scooter’s firmware. To access those features the user can use a dedicated app, and every scooter is protected by a password that can be changed by the user.

During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password. The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state.

Therefore, we can use all of these features without the need for authentication.

In the video below, we demonstrate a PoC locking the scooter using our malicious application that scans for nearby Xiaomi M365 scooters and disables them by using the anti-theft feature of the scooter – without authentication or the user consent.

The app sends a crafted payload using the correct byte sequence to issue a command that will lock any nearby scooter in the distance of up to 100 meters away."
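
The flaw described in the quoted write-up is that the password is checked in the app while the scooter itself keeps no authentication state. As an added example (not part of the original post and not Zimperium's or Xiaomi's code), here is a C sketch of a device-side handler that holds per-connection state and denies every command until it is set; the opcodes, result codes and password are constructed for illustration and are not the M365 protocol.

```c
#include <stddef.h>
#include <stdint.h>

/* Hypothetical opcodes and result codes, constructed for this example. */
enum { CMD_AUTH = 0x01, CMD_LOCK = 0x20, CMD_CRUISE = 0x21, CMD_FW_UPDATE = 0x30 };
enum { RES_OK = 0, RES_DENIED = 1, RES_BAD_AUTH = 2, RES_UNKNOWN = 3 };
#define PW_LEN 6

/* Authentication state lives on the device, one instance per connection. */
typedef struct { int authenticated; } session_t;

static const uint8_t device_pw[PW_LEN] = {'4','8','1','5','1','6'}; /* constructed */

/* Constant-time comparison so timing does not reveal matching prefixes. */
static int pw_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Called on every new connection: a reconnect starts unauthenticated. */
void session_open(session_t *s) { s->authenticated = 0; }

int handle_command(session_t *s, uint8_t op, const uint8_t *arg, size_t len) {
    if (op == CMD_AUTH) {
        /* A failed attempt also clears any earlier success (fail closed). */
        s->authenticated = (len == PW_LEN && pw_equal(arg, device_pw, PW_LEN));
        return s->authenticated ? RES_OK : RES_BAD_AUTH;
    }
    /* Default deny: the device, not the app, gates every other opcode. */
    if (!s->authenticated)
        return RES_DENIED;
    switch (op) {
    case CMD_LOCK:
    case CMD_CRUISE:
    case CMD_FW_UPDATE:
        return RES_OK;      /* real firmware would dispatch the feature here */
    default:
        return RES_UNKNOWN;
    }
}

int main(void) {
    session_t s;
    session_open(&s);
    /* Exit status 0 when an unauthenticated lock request is refused. */
    return handle_command(&s, CMD_LOCK, NULL, 0) == RES_DENIED ? 0 : 1;
}
```

A password sent in the clear over the radio link can still be captured by a nearby listener; this sketch covers only the missing device-side state, not link confidentiality.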


richms

  #2178520 14-Feb-2019 20:05

No, that is a reason to hate insecure crap that has a radio or internet connection in it.





Richard rich.ms



freitasm

  #2178526 14-Feb-2019 20:21

Please use the existing Xiaomi M365 thread. No reason to create a new topic for this.




