The flaw allows sending unauthenticated commands via Bluetooth to the scooter
Although the use of smart devices has simplified many daily tasks, network security and ethical hacking specialists also emphasize that over trusting an unsafe device could be detrimental to users, even could compromise their physical integrity.
This seems to be the case with electric scooters. According to a group of researchers, a critical and really easy to exploit vulnerability has been discovered in the M365 Folding Electric Scooter of the Chinese manufacturer Xiaomi. According to network security experts, exploiting this error could put the user’s life at risk.
The electric scooter of Xiaomi has a considerable market and is used by other companies, implementing some modifications with permission of the Chinese organization.
The M365 must be linked to an app via Bluetooth, password-protected, which enables users to access functions such as anti-theft system, system updates, activate various user modes and access to the scooter usage statistics.
According to experts in network security, incorrect password validation on the scooter allows an attacker to send unauthenticated commands via Bluetooth without the need to use the user’s password. The attack can be carried out at a distance of up to 100 meters.
“We found that the password is not being used the right way in the authentication process when the app is linked to the scooter, so any command can be executed without the password,” said Rani Idan, a cybersecurity specialist.
If the vulnerability is exploited successfully, a hacker could perform a variety of malicious actions, such as:
- Scooter locking: An attacker could suddenly lock any scooter, even if it is moving; it’s something like a DDoS attack
- Malware deployment: The M365 app allows the user to upgrade the scooter firmware remotely, so an attacker could deliver a malicious firmware that allows them to take control of the scooter
- Targeted attacks: Attackers could cause a scooter to accelerate or brake suddenly
The researchers carried out a proof of concept to demonstrate some of the possible scenarios. To do so, they developed an app that seeks nearby M365 scooters and blocks them by using the anti-theft function, no victim’s interaction needed.