Tuesday, July 23, 2019
Home Tech Xiaomi electric scooters can be hacked remotely: the manufacturer prepares a patch

Xiaomi electric scooters can be hacked remotely: the manufacturer prepares a patch

Update of February 13, 2019:

Shortly after the release of this article, Xiaomi contacted us to make sure that a corrective update was currently under development. Discover the official reaction of the manufacturer below:

" Xiaomi takes the utmost care in the design and manufacture of its products, and takes the feedback of its users and the safety of its community to heart.

That's why, as soon as we were informed of the possibility for malicious hackers, to take remote control of running scooters, we started to work on a solution to fix it and block access to any non application. authorized.

In parallel, Xiaomi's product and security teams prepare an OTA update which will be available as soon as possible.We are fully committed to the constant improvement of our products and services, in particular based on the feedback received, in order to offer products that are always efficient and safer. "

Xiaomi's electric scooters can easily be hacked remotely, report researchers in computer security. By studying the Mi Scooter more closely, they have indeed discovered a serious security breach in the bluetooth connection of the device. Explanations.

xiaomi scooters hacking

"As part of our research on connected objects, we examined the Xiaomi M365 electric scooter (Editor's note: called Xiaomi Mi Scooter in France) and went through a magnifying glass » explain the researchers at Zimperium, Inc. a US-based mobile security firm, in a study relayed by our colleagues at Numerama.

A flaw can hack the Xiaomi Mi Scooter remotely

According to the researchers, a hacker can easily take control of a Xiaomi scooter at a distance of 100 meters without ever needing physical access to the vehicle. The flaw identified by Zimperium is in the bluetooth system, which is used for software updates, anti-theft system or speed control.

Read also: the best electric scooters of 2019

These features are grouped in a dedicated application locked by a password. In theory, the user is therefore able to prohibit access to the settings and control of the machine to a third person. In practice, this security only protects access to the application and not to the scooter. "The password is validated only on the side of the application, but the scooter itself does not keep track of the authentication" regret the experts. To take control of a Mi Scooter, the researchers have created an application that allows to connect in pass through the box identifiers and password. With this trick, they managed to remotely lock the antitheft all scooters present at a maximum distance of 100 meters.

According to Zimperium, hackers could use this loophole in several different ways : by simply blocking the scooter, incorporating incognito a malware able to control the machine over a longer distance and forcing the scooter to accelerate against the will of his driver. They present the risks generated by this type of flaws in the video below. Not surprisingly, Zimperium informed Xiaomi of the existence of a serious flaw.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Must Read

Someday, to Arm Implant May Prevent H.I.V. Infection for a Year

In what could eventually become a milestone for H.I.V. prevention, very preliminary tests on an implant containing a new drug.The new implant, by the...

Count on the Tav: "Government is for yes"

The government dissolves the reservations and says yes to the TAV. It...

What is it and how it works

Meat cuts with fat. Cheese pieces. A lot of bacon, barbecue and even “carnitas”.It may interest you: These are the worst diets of the...

Photo 1: Britney Spears makes debut with her boyfriend 12 years younger on a red carpet

After four years of romance, the singer was finally encouraged to make her first appearance at a public event with her boyfriend, model Sam...

Bevin in Colorado as Kentucky lawmakers meet in one sitting

FRANKFORT, Ky. (AP) - As the legislature in Kentucky is working on a pension law that it wishes to pass, Republican Governor Matt Bevin...