If you see people on electric scooters wildly accelerating and braking, it might not only be because of the usual electric scooter nonsense.
That’s because a newly discovered security flaw in a particular scooter’s software can be exploited by hackers to remotely accelerate or brake someone else’s scooter, according to Wired. It’s a finding that highlights the fraught landscape of advanced transportation.
The scooter in question is Xiaomi’s M365. A team of security researchers from a company called Zimperium was able to find and exploit the security flaw in a matter of hours.
“I was able to control any of the scooter features without authentication and install malicious firmware,” Rani Idan, director of software research at Zimperium, told Wired. “An attacker could brake suddenly, or accelerate a person into traffic, or whatever the worst case scenario you can imagine.”
Plunder and Pillage
The problem comes down to the Bluetooth-enabled connection between scooter and smartphone app. The security researchers found that they could connect to an M365 scooter without even being prompted for a password. From there, they could inject their own malware, disguised as an official update from Xiaomi, into the scooter’s code, which granted them total control over the scooter’s hardware.
“You would probably think those devices would implement the best security protections possible,” Idan told Wired. “But unfortunately that is not always the case.”
READ MORE: A POPULAR ELECTRIC SCOOTER CAN BE HACKED TO SPEED UP OR STOP [Wired]