Xiaomi electric scooter vulnerability exposed: hackers can remotely accelerate and lock the scooter!
Electric scooters are popular in the United States. Zimperium, a security company, recently released a research report revealing a vulnerability in the Bluetooth module of the Xiaomi electric scooter. Hackers can use a mobile phone to make scooters on the road accelerate or brake, creating a safety hazard.
The affected M365 model electric scooter is very popular. Owners can use the scooter's various functions over a Bluetooth connection, such as remote anti-theft locking and riding mode control. Normally these permissions are protected by a user-set password, but Zimperium found that the Bluetooth authentication procedure is not carried out correctly, so all commands and functions can be triggered without a password.
With just a mobile phone, hackers can control scooters on the road at will
Zimperium also demonstrated in a video how to hack into the Xiaomi electric scooter. Using an app on a mobile phone, a hacker can scan for nearby M365 scooters without any preparation and, without the user's knowledge, send commands to lock the scooter, implant malicious programs, or make the scooter accelerate or brake, at a range of up to 100 meters.
Hackers can attack M365 electric scooters on the road at will.
For now, Xiaomi has said, "This vulnerability is an internal known issue and has been made public, but since this (M365) is a product that works with third parties, we are also working hard to find a solution."
It is worth noting that the M365 model is also used by the American shared electric scooter company Bird. In response, a Bird spokesperson claimed that the vulnerability was known to them a year ago and would not have any impact on the shared electric scooters it operates. Another shared electric scooter company, Lime, said it does not use any M365 vehicles.
Until Xiaomi officially releases an update that fixes the vulnerability, an owner who keeps their phone connected to the scooter whenever it is in use leaves hackers no opening to exploit.
The shared electric scooter trend and its business opportunities in Europe and the United States have brought these vehicles into hackers' sights. This incident is not the first time that an electric scooter has been hacked. In December last year, the foreign media outlet "Boing Boing" described how to use a $30 electronic kit to crack the system on a Bird shared electric scooter and take the scooter as one's own, and the outlet was even warned by Bird.
The Internet of Things brings convenience, but it also becomes a conduit for hacking.
Internet of Things technology gives emerging modes of transport such as electric scooters a convenience and connectivity beyond traditional means of getting around. You can easily check their status and location and enable multiple functions with your mobile phone, but the information security issues that come with this have also become the number one problem that vendors must face.
Security problems plague not only these small, lightweight, easy-to-use electric scooters. Even the electric car manufacturer Tesla is not immune. In September last year, a hacker team from the Catholic University of Leuven in Belgium published a study at a conference in Amsterdam on how to crack the Model S key in just 1.6 seconds using $600 worth of radio and electronic equipment, open the door and steal the electric car. Tesla has now completed the fix for this vulnerability.
Outside the category of "cars", IoT products with security problems are numerous. From smart watches and voice assistants to home robots, there have been precedents of vulnerabilities and hacking. For example, a children's smart watch launched by a Hong Kong manufacturer was found to have major flaws: someone with ill intent could pose as a parent to make a phone call, raising doubts about its safety. Thanks to advanced IoT technology, home appliances and other products are closely connected to their users, but people must also recognize the hidden risks behind this.
Source: The Verge, Zimperium, Boing Boing