The flaw allows sending unauthenticated commands via Bluetooth to the scooter
Although the use of smart devices has simplified
many daily tasks, network
security and ethical hacking specialists also emphasize that over trusting
an unsafe device could be detrimental to users, even could compromise their
physical integrity.
This seems to be the case with electric
scooters. According to a group of researchers, a critical and really easy to
exploit vulnerability has been discovered in the M365 Folding Electric Scooter
of the Chinese manufacturer Xiaomi.
According to network security experts, exploiting this error could put the
user’s life at risk.
The electric scooter of Xiaomi has a
considerable market and is used by other companies, implementing some
modifications with permission of the Chinese organization.
The M365 must be linked to an app via
Bluetooth, password-protected, which enables users to access functions such as
anti-theft system, system updates, activate various user modes and access to the
scooter usage statistics.
According to experts in network security,
incorrect password validation on the scooter allows an attacker to send
unauthenticated commands via Bluetooth without the need to use the user’s
password. The attack can be carried out at a distance of up to 100 meters.
“We found that the password is not being used
the right way in the authentication process when the app is linked to the
scooter, so any command can be executed without the password,” said Rani Idan,
a cybersecurity specialist.
If the vulnerability is exploited successfully,
a hacker could perform a variety of malicious actions, such as:
- Scooter
locking: An attacker could suddenly lock any scooter, even if it is moving; it’s
something like a DDoS attack - Malware
deployment: The M365 app allows the user to upgrade the scooter firmware remotely,
so an attacker could deliver a malicious firmware that allows them to take
control of the scooter - Targeted
attacks: Attackers could cause a scooter to accelerate or brake suddenly
The researchers carried out a proof of concept
to demonstrate some of the possible scenarios. To do so, they developed an app
that seeks nearby M365 scooters and blocks them by using the anti-theft
function, no victim’s interaction needed.
