互联网络

The Xiaomi M365 Scooter Can Be Hacked to Speed Up or Stop

微信扫一扫,分享到朋友圈

The Xiaomi M365 Scooter Can Be Hacked to Speed Up or Stop
0

The fleets of electric scooters that have inundated cities
are alarming enough
as is. Now add cybersercurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi’s popular M365 scooter model has a worrying bug. The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking.

Rani Idan, Zimperium’s director of software research, says he found and was able to exploit the flaw within hours of assessing the M365’s security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed.

Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it.

“I was able to control any of the scooter features without authentication and install malicious firmware,” Idan says. “An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine.”

Unfortunately, issues with Bluetooth implementation
, especially weak or missing authentication mechanisms, are nothing new in Internet of Things devices. Similarly, “integrity checks” to confirm the authenticity and trustworthiness of software and firmware updates are often overlooked. But while they can lead to all sorts of real privacy and security risks in general, they are obviously especially problematic in devices that can endangers a user’s physical safety.

"“I was able to control any of the scooter features without authentication."

Rani Idan, Zimperium

Researchers found asimilar set of flaws in Segway MiniPro hoverboards in 2017, but the company, which is owned by Chinese scooter-maker Ninebot, worked to fix the problems. Zimperium is concerned about what will happen with Idan’s findings, because when the company contacted Xiaomi to disclose the bugs, the scooter maker said it is aware of the problem and doesn’t have the ability to fix it on its own.

This is apparently because Xiaomi sources its Bluetooth implementation module from another third-party developer, rather than coding it in-house. Xiaomi did not respond to multiple requests for comment from WIRED. But the company told Zimperium that, “This is a known issue internally. The issue has been made public. Because it is a third party cooperation product we are also trying to communicate solutions to each other.”

In the meantime, M365 scooters are vulnerable to an array of takeover attacks. The user app that connects to the scooters does offer the option to set a password for accessing individual devices. But when Idan created proof-of-concept Android and iOS apps to test the weaknesses, he found that the system doesn’t require outside Bluetooth connections to authenticate even once a password has been set up in the official app.

Zimperium is taking the perhaps controversial step of publishing the Android version of this proof of concept in an attempt to prove the problem’s urgency, and warn as many people as possible. Zimperium chief technology officer John Michelsen argues that it is the only recourse security researchers have to motivate accountability in unresponsive IoT companies and electronics manufacturers in general.

Xiaomi M365 scooters are a popular consumer choice, and have even been used by ride sharing companies like Lyft and the scooter-specific service Bird. A customized version of the M365 was Bird’s first scooter model, but the company has already begun phasing it out unrelated to this research.

“IoT devices are everywhere—in our personal space, holding our most sensitive data, and in our daily routines,” Idan says. “You would probably think those devices would implement the best security protections possible, but unfortunately that is not always the case.”

Given the potential risk to users, it’s crucial for Xiaomi to respond to the research and find a way to issue stronger Bluetooth protections. In the meantime, keep applying official updates and, as always, wear a helmet.

More Great WIRED Stories

  • There’s still so much we need tolearn about weed—fast
  • TV’s second chance for trans representation—done right
  • Messenger lets you unsend now.Why don’t all apps?
  • What it takes to pull off the country’sfirst online census
  • With its new 911, Porsche improves the unimprovable
  • :eyes: Looking for the latest gadgets? Check out our latestbuying guides andbest deals all year round
  • :envelope_with_arrow: Want more? Sign up for our daily newsletter
    and never miss our latest and greatest stories

Related Video

Security

Watch Hackers Take Over a Segway Hoverboard With Someone On It

Using Bluetooth and firmware authentication hacks to steer a Segway/Ninebot MiniPRO Hoverboard from afar and even turn it off while a rider is on it. Researcher Thomas Kilbride, an embedded devices security consultant at IOActive, was able to further weaponize these attacks using a now-disabled GPS tracking feature that surfaced location data for MiniPRO Hoverboard users in a given area.

阅读原文...


Wired

Russia: Cargo Shipping Firm to Use Blockchain in Port Logistics

上一篇

What is your why?: T-SQL Tuesday #111

下一篇

您也可能喜欢

评论已经被关闭。

插入图片
The Xiaomi M365 Scooter Can Be Hacked to Speed Up or Stop

长按储存图像,分享给朋友