Thursday, June 20, 2019
Home Tech Xiaomi electric scooters can be hacked remotely: the manufacturer prepares a patch

Xiaomi electric scooters can be hacked remotely: the manufacturer prepares a patch

Update of February 13, 2019:

Shortly after the release of this article, Xiaomi contacted us to make sure that a corrective update was currently under development. Discover the official reaction of the manufacturer below:

" Xiaomi takes the utmost care in the design and manufacture of its products, and takes the feedback of its users and the safety of its community to heart.

That's why, as soon as we were informed of the possibility for malicious hackers, to take remote control of running scooters, we started to work on a solution to fix it and block access to any non application. authorized.

In parallel, Xiaomi's product and security teams prepare an OTA update which will be available as soon as possible.We are fully committed to the constant improvement of our products and services, in particular based on the feedback received, in order to offer products that are always efficient and safer. "

Xiaomi's electric scooters can easily be hacked remotely, report researchers in computer security. By studying the Mi Scooter more closely, they have indeed discovered a serious security breach in the bluetooth connection of the device. Explanations.

xiaomi scooters hacking

"As part of our research on connected objects, we examined the Xiaomi M365 electric scooter (Editor's note: called Xiaomi Mi Scooter in France) and went through a magnifying glass » explain the researchers at Zimperium, Inc. a US-based mobile security firm, in a study relayed by our colleagues at Numerama.

A flaw can hack the Xiaomi Mi Scooter remotely

According to the researchers, a hacker can easily take control of a Xiaomi scooter at a distance of 100 meters without ever needing physical access to the vehicle. The flaw identified by Zimperium is in the bluetooth system, which is used for software updates, anti-theft system or speed control.

Read also: the best electric scooters of 2019

These features are grouped in a dedicated application locked by a password. In theory, the user is therefore able to prohibit access to the settings and control of the machine to a third person. In practice, this security only protects access to the application and not to the scooter. "The password is validated only on the side of the application, but the scooter itself does not keep track of the authentication" regret the experts. To take control of a Mi Scooter, the researchers have created an application that allows to connect in pass through the box identifiers and password. With this trick, they managed to remotely lock the antitheft all scooters present at a maximum distance of 100 meters.

According to Zimperium, hackers could use this loophole in several different ways : by simply blocking the scooter, incorporating incognito a malware able to control the machine over a longer distance and forcing the scooter to accelerate against the will of his driver. They present the risks generated by this type of flaws in the video below. Not surprisingly, Zimperium informed Xiaomi of the existence of a serious flaw.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Must Read

"a huge mistake", for Donald Trump

Iran shot down an American drone it thought was in its airspace, provoking a strong reaction from the US president....

Benalla case: "We have certainly played down," admits Brigitte Macron

Brigitte Macron acknowledged that the presidential couple did not take sufficient account of the Benalla affair. "Personally, I was surprised at the extent it...

Rabiot and Juventus Turin, it's hot

For Adrien Rabiot, penance will soon end. The team's first loss since this winter, his contract with the club will end on June 30....

Annecy, it's over, but the winners are picked up in Lyon and Paris

Before a possible winter edition of the Annecy Festival resuming a selection of films from the official selection with novelties at the end of...