How e-Scooters can endanger your life
By MYBRANDBOOK
We are in the era of smart devices, which make our lives easier, faster, more efficient and more accurate. But an insecure smart device can also ruin your day, or sometimes even turn into the worst nightmare of your life. Think of an e-scooter: if you ride an electric scooter, you should be concerned about what happens to you if its security is compromised.
In an advance online report, researchers from mobile security firm Zimperium say they have discovered an easy-to-execute but serious vulnerability in the M365 Folding Electric Scooter by Xiaomi that could potentially put riders' lives at risk.
The Xiaomi e-scooter has a significant market share and is also used by other brands with some modifications. The Xiaomi M365 Electric Scooter comes with a mobile app that uses password-protected Bluetooth communication, allowing riders to interact securely with their scooters remotely for features such as changing the password, enabling the anti-theft system, cruise control, eco mode, updating the scooter's firmware, and viewing real-time riding statistics. However, the researchers found that, because the password is not properly validated at the scooter's end, a remote attacker up to 100 meters away could send unauthenticated commands over Bluetooth to a targeted vehicle without needing the user-defined password.
"During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password," Rani Idan, researcher with Zimperium zLabs, explains in an online report.
"The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state."
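The design flaw described above, modelled as an added example (not Zimperium's PoC and not Xiaomi's firmware): a toy device-side command handler that either skips the check, as reported, or tracks authentication state per connection. The command names, connection ids and passwords are hypothetical and constructed for illustration; no real M365 protocol bytes are used.

```python
import hashlib, hmac, os

# Hypothetical command names; the page gives no real M365 protocol bytes.
PRIVILEGED = {"lock", "unlock", "set_password", "update_firmware"}

class Scooter:
    """Toy device model. enforce=False reproduces the reported flaw: the
    password is checked only in the app, so the device runs any command."""

    def __init__(self, password, enforce):
        self.enforce = enforce
        self.salt = os.urandom(16)
        self.pw_hash = self._hash(password)
        self.authed = set()   # connection ids that have proved the password
        self.locked = False

    def _hash(self, password):
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self.salt, 10_000)

    def handle(self, conn, command, arg=None):
        if command == "auth":
            if hmac.compare_digest(self._hash(arg or ""), self.pw_hash):
                self.authed.add(conn)
                return "OK"
            return "ERR bad password"
        # The decision is made on the device, per connection, for every command.
        if self.enforce and command in PRIVILEGED and conn not in self.authed:
            return "ERR not authenticated"
        if command == "lock":
            self.locked = True
        elif command == "unlock":
            self.locked = False
        elif command == "set_password":
            self.pw_hash = self._hash(arg)
            self.authed = {conn}   # a password change ends every other session
        return "OK"

    def disconnect(self, conn):
        self.authed.discard(conn)  # auth state dies with the link

def demo():
    """Constructed scenario: the owner authenticates, then another peer sends lock."""
    out = {}
    for enforce in (False, True):
        s = Scooter("constructed-pass", enforce)
        s.handle("owner", "auth", "constructed-pass")
        out[enforce] = (s.handle("stranger", "lock"), s.locked)
    return out

if __name__ == "__main__":
    print(demo())
```

With `enforce=False` the second peer's lock succeeds even though only the owner authenticated; with `enforce=True` the device refuses it, regardless of what any app does.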
By exploiting this issue, an attacker can carry out the following attack scenarios:
Locking Scooters: A form of denial-of-service attack, in which an attacker can suddenly lock any M365 scooter in the middle of traffic.
Deploying Malware: Since the app allows riders to upgrade the scooter's firmware remotely, an attacker can also push malicious firmware to take full control of the scooter.
Targeted Attack [Brake/Accelerate]: Remote attackers can even target an individual rider and cause the scooter to suddenly brake or accelerate.
To demonstrate one of the attack scenarios, as shown in the video, the researchers developed a specialized proof-of-concept (PoC) app that scans for nearby Xiaomi M365 scooters and locks them using the scooter's anti-theft feature, without authentication or the victim's knowledge.
"The app sends a crafted payload using the correct byte sequence to issue a command that will lock any nearby scooter in the distance of up to 100 meters away," the researchers say.
The researchers also developed a PoC app for installing malicious firmware capable of accelerating the scooter, but out of concern for the safety of M365 Electric Scooter riders, they will not publish that PoC.
Zimperium reported its findings to Xiaomi two weeks ago. The Chinese company acknowledged them, saying that its team was aware of the issue and is working on a fix.
Since there is no mitigation that users can deploy themselves, M365 Electric Scooter riders are advised to install the patches as soon as they become available. Until then, they cannot do anything except avoid riding their scooters for a while.