An Interest In:
Web News this Week
- March 26, 2024
- March 25, 2024
- March 24, 2024
- March 23, 2024
- March 22, 2024
- March 21, 2024
- March 20, 2024
February 12, 2019 02:45 pm
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/musI-FBb1d0/xiaomis-popular-electric-scooter-m365-can-be-hacked-to-speed-up-or-stop
Xiaomi's Popular Electric Scooter M365 Can Be Hacked To Speed Up or Stop
The fleets of electric scooters that have inundated cities are alarming enough as is. Now add cybersercurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi's popular M365 scooter model has a worrying bug. From a report: The flaw could allow an attacker to remotely take over any of the scooters to control crucial things like, ahem, acceleration and braking. Rani Idan, Zimperium's director of software research, says he found and was able to exploit the flaw within hours of assessing the M365's security. His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app. The latter leaves the devices woefully exposed. Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate. From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update. This means that an attacker could easily put malware on a scooter, giving herself full command over it. "I was able to control any of the scooter features without authentication and install malicious firmware," Idan says. "An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine."Read more of this story at Slashdot.
Original Link: http://rss.slashdot.org/~r/Slashdot/slashdot/~3/musI-FBb1d0/xiaomis-popular-electric-scooter-m365-can-be-hacked-to-speed-up-or-stop
Share this article:
Tweet
View Full Article
Slashdot
Slashdot was originally created in September of 1997 by Rob "CmdrTaco" Malda. Today it is owned by Geeknet, Inc..More About this Source Visit Slashdot