In a recent report from Zimperium, the Xiaomi E-Scooter can be hacked in a way that results in its full remote control, which can be outright dangerous for people’s health.
Smart devices are all over the world and they are here to contribute to our daily lives. They can help us control our home by voice and from distance via our smartphone and they can also help us travel better. One such travelling device is the Xiaomi E-Scooter, which carries it’s burden along with being smart, because a vulnerability might be able to hack it remotely and turn it none other than dangerous for your life.
Xiaomi E-Scooter Hack Can Make It Accelerate and Stop Dangerously
Zimperium Researchers, during their study of vulnerabilities in IoT devices have recently established that instead of convenient device, the Xioami electric scooter can turn into a serious risk for your health and even life.The scooter model M365 was reported that if a password is not used properly into the authentication process of the scooter, all of the hack commands can be used to obtain control of it. The pass is only validated on the App side of the process, but the E-Scooter does not seem to be linked in any way to this authentication, making it a stand-alone opportunity for hackers.
As visible, the hacker can lock the electric scooter and stop it remotely from running. This dangerous process can turn the scooter into a complete nightmare for pedestrians and the one who rides it altogether.
Here is what the hack is also capable of doing:
- Locking your scooter by performing a DDoS attack where the hacker can suddenly lock the wheels wherever and however he wants.
- Inserting malware into your scooter’s firmware, which can allow the hacker to push a written program that can remotely control your scooter.
- The hacker can directly perform an attack with a pre-loaded action. It can cause your scooter to Brake and Accelerate to the maximum and even more, provided the coder knows how to program the firmware to push the scooter more than what is electronically allowed.
The hackers have explained that they use a vulnerability that takes advantage of the byte sequence to isse a command in the App of the scooter. This cammand can lock your scooter even if you are 100 metres away from the hacker.
The researchers have also made an app by themselves and it is coded in order to install firmware that can remotely control the scooter, but since the scooters are massively used, they have refrained from publishing the vulnerability and the app.
This is not the firs case when a smart device by Xiaomi is hacked:
The Good News
Xiaomi received a report from the Zimperium researchers and they have confirmed the reports and stated that their experts are currently working on a fix.
The M365 model of Xiaomi’s E-Scooter is reported to be soon patched. The issue is very concerning, since thousands of people have already purchased the scooter and this vulnerability puts their lives at risk, especially people in big cities.