Slashdot Mirror
Xiaomi's Popular Electric Scooter M365 Can Be Hacked To Speed Up or Stop (wired.com)
The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersercurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi's popular M365 scooter model has a worrying bug. From a report: The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Rani Idan, Zimperium's director of software research, says he found and was able to exploit the flaw within hours of assessing the M365's security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed.
Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it. "I was able to control any of the scooter features without authentication and install malicious firmware," Idan says. "An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."
Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it. "I was able to control any of the scooter features without authentication and install malicious firmware," Idan says. "An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."
Why the fuck does a scooter need Bluetooth,
They needed a killer feature and the 'buttplug built into the seat' idea - a safety feature to keep you on the scooter - was determined to be too ahead of its time...
https://southpark.fandom.com/w...
#DeleteFacebook
"An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."
Like a government official bans them in the name of safety, but really doing so at the behest of car companies or the bus drivers' union?
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
"An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."
I don't know, I can imagine some pretty amazing sequences of events that would be best described as "Rube Goldberg Final Destination directed by Michael Bay" but I'd be willing to bet that in reality "accelerate a person into traffic" is as bad as it'd ever get, and even that would assume the person somehow never thought to let go of the scooter. Everything else that's actually likely basically amounts to "make scooter rider fall down".
I used to get high on life, but I developed a tolerance. Now I need something stronger.