Hackers could have used a vulnerability in electric scooters to cause road traffic collisions, researchers have revealed.
They found a number of “critical” security flaws in a popular type of self-balancing electric scooter – also widely known as a ‘hoverboard’ – that could let criminals remotely take control of one, even if it was being driven at the time.
If they wanted to, they could throw the rider off by making it come to an abrupt stop, or even drive it into traffic.
IOActive researcher Thomas Kilbride discovered the issue with the Ninebot by Segway MiniPRO, a model that costs around £700 and can reach speeds of 10mph.
He was able to seize full control of it by “[performing] a firmware update of the scooter’s control system without authentication and [modifying] the controller firmware to remove rider detection”, says the security firm.
“Most riders are in close proximity to automotive traffic and if someone were to fall off at the wrong time then it could easily result in a serious traffic injury or death,” Mr Kilbride told the Independent.
He added: “FTC regulations do require scooters to meet certain mechanical and electrical specifications to help avoid battery fires and various mechanical failures.
“However, there are currently no regulations centered on firmware integrity and validation, despite being integral to the safety of the system. As my research indicates, this lack of regulation could lead to a number of dangerous situations.”
“With the proper equipment an attacker would be able to attack multiple hoverboards, but only if they were within Bluetooth range,” Mr Kilbride continued.
“As with all wireless systems, it’s hard to put exact measurements on a maximum range. With specialised equipment I’m comfortable saying that an attacker could run this exploit at a couple hundred feet, but we have not tested this. With standard Bluetooth equipment (i.e. a smartphone) then the range would be about 10m or 33ft.”
IOActive disclosed the vulnerabilities to Segway, which has now addressed the issues.