How to e-Scooters vulnerable your life?
By MYBRANDBOOK
We are in the era of Smart Devices, which makes our lives easier, faster, and more efficient with high accuracy. But certainly an insecure smart device can also ruin your day, or sometime could even turn into the worst nightmare of your life. Think of an e-scooter; if you are an electric scooter rider, you should be concerned about yourself if its security is being hacked.
In an online report in advance, researchers from mobile security firm Zimperium said to have discovered an easy-to-execute but serious vulnerability in M365 Folding Electric Scooter by Xiaomi that could potentially put riders' life at risk.
Xiaomi e-Scooter has a significant market share and is also being used by different brands with some modifications. Xiaomi M365 Electric Scooter comes with a mobile app that utilizes password-protected Bluetooth communication, allowing its riders to securely interact with their scooters remotely for multiple features like changing password, enabling the anti-theft system, cruise-control, eco mode, updating the scooter's firmware, and viewing other real-time riding statistics. However, researchers find that due to improper validation of password at the scooter’s end, a remote attacker, up to 100 meters away, could send unauthenticated commands over Bluetooth to a targeted vehicle without requiring the user-defined password.
"During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password," Rani Idan, researcher with Zimperium zLabs, explains in a online report.
"The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state."
By exploiting this issue, an attacker can perform the following attack scenarios -
Locking Scooters- A sort of a denial-of-service attack, wherein an attacker can suddenly lock any M365 scooter in the middle of the traffic.
Deploying Malware- Since the app allows riders to upgrade scooter’s firmware remotely, an attacker can also push malicious firmware to take full control over the scooter.
Targeted Attack [Brake/Accelerate]- Remote attackers can even target an individual rider and cause the scooter to suddenly brake or accelerate.
To demonstrate one of the attack scenarios, as shown in the video, researchers developed a specialized proof-of-concept (PoC) app that scans for nearby Xiaomi M365 scooters and locks them by using the anti-theft feature of the scooter, without authentication or victim's knowledge.
"The app sends a crafted payload using the correct byte sequence to issue a command that will lock any nearby scooter in the distance of up to 100 meters away," the researchers say.
The researchers also developed a PoC app for installing malicious firmware capable of accelerating the scooter, but due to the safety concerns of the M365 Electric scooter riders, they will not publish its PoC.
Zimperium already reported their findings to Xiaomi two weeks ago. The Chinese company acknowledged them, saying that its team was aware of the issue and is working on a fix to address it.
Since there is no mitigation that users can deploy at their end, M365 Electric scooter riders are recommended to implement the patches as soon as they become available. Until then, they can not do anything except avoid riding their scooters for a while.
Singapore to remove One-Time Passwords from Bank Accounts
According to the Monetary Authority of Singapore, clients who utilise secur...
Is 375 million Airtel subscribers database breached?
When a hacker claims to have accessed and put up for sale a customer databa...
The government of India intends to construct a single portal f
A single portal will be launched by the Indian government to list all of it...
OpenAI offers GPT-4o, a faster model available to all users at
GPT-4o, a faster and more sophisticated AI model, is made available to all...
BPE INDIA PVT. LTD.
BEETEL TELETECH LTD.
LAVA INTERNATIONAL LTD.
FRESHWORKS TECHNOLOGIES PVT. LTD.
Icons Of India : Arundhati Bhattacharya
Arundhati Bhattacharya serves as the Chairperson and CEO of Salesforce...
ICONS OF INDIA : SACHIN BANSAL
Sachin Bansal is an Indian entrepreneur. He is best known as the found...
Icons Of India : Deepak Sharma
Deepak Sharma spearheads Schneider Electric India. He brings with him ...
CERT-IN - Indian Computer Emergency Response Team
CERT-In is a national nodal agency for responding to computer security...
GSTN - Goods and Services Tax Network
GSTN provides shared IT infrastructure and service to both central and...
PFC - Power Finance Corporation Ltd
PFC is a leading financial institution in India specializing in power ...
Indian Tech Talent Excelling The Tech World - AJAY BANGA, President - World Bank
Ajay Banga is an Indian-born American business executive who currently...
Indian Tech Talent Excelling The Tech World - JAYASHREE ULLAL, President and CEO - Arista Network
Jayshree V. Ullal is a British-American billionaire businesswoman, ser...
Indian Tech Talent Excelling The Tech World - Lal Karsanbhai, President & CEO, Emerson
Lal Karsanbhai, President and CEO of Emerson, assumed the leadership i...