Tuesday, May 28, 2024

E-Scooters Can Be Hacked Using Remote Locking System Manipulation

Electric scooters, also called e-scooters, are a popular method of transportation in large cities.

They are small, portable, and can zip around sidewalks and in between pedestrians with ease. Unfortunately, their popularity isn’t just with law-abiding citizens.

Xiaomi M365 Scooters Were Vulnerable to Hacking

Research conducted last year by Zimperium into scooter companies like Lime and Bird discovered that individuals were able to hack into the machines and make them perform a variety of actions without a rider’s knowledge.

One of the most significant studies was completed last year by Zimperium, a mobile security company, which tested multiple Xiaomi M365 scooters and discovered the electronic system could be hacked.

The hacker could force the scooter to speed up, slow down, or stop completely at will.

The hack is done by accessing the Bluetooth app utilized by the Xiaomi M365, which was designed to allow users to remotely lock their scooter.

This hack is troubling news for the manufacturer of the Xiaomi M365. It could be utilized from over 100 meters (328 ft.) away and lock multiple scooters at once or just mess with a single one.

The Xiaomi M365 is one of the most popular models used by electric scooter rental companies around the world and in the United States.

Being able to affect the function of the scooter is not the only thing hackers can do. Someone with enough technical experience can force an e-scooter to stop, deactivate the brakes, and then put it in their vehicle to take away. Once the hacker is at a secure location, it is possible to remove the internal hardware and reprogram it for personal use.

Kit for hacking an e-scooter

It sounds like a fantasy, but it has been done numerous times around the world. A complete kit for hacking an e-scooter is available online for roughly $48, a fraction of the cost of an expensive e-scooter.

Someone unscrupulous enough would have an easy time making a Xiaomi M365 their own without investing too much time, money, or energy into the crime.

Of course, not all of the companies are worried. For Lime and Bird, the situation does not seem to be a problem at all despite multiple controversies.

First, although these companies do use the Xiaomi M365, the preferred model of several rental companies, isolating and hacking an individual scooter in the city is not as easy as it sounds.

Someone would need to have a target in mind, figure out who is using it, and then monitor it until there are few witnesses to see the hack and theft.

Second, the kit necessary to completely rewire the scooters can only be purchased online from China and takes eight weeks to arrive.

Even if a hacker is interested in one of the scooters, it would take a long time for their plan to come to fruition.

Plus, the loss of a single scooter doesn’t matter much to such massive companies, which brings us to our final point.

Finally, Lime and Bird are not interested in hackers because it doesn’t affect their bottom line.

E-scooters are more environmentally friendly than many other transportation methods but they have inordinate maintenance costs. People don’t return the scooters to their designated areas, which means the companies need to send people in vans out to collect them.

This means companies like Lime and Bird need to invest more time, money, and gasoline into having the e-scooters brought back to their rental locations and charging stations.

This can mean a scooter is operating at a loss for the day if it didn’t make enough money to cover maintenance.

The bottom line? Stolen scooters can actually save the rental companies money. Lime, Bird, and others make their money back from buying the e-scooters in a couple of weeks, so then they just end up paying maintenance costs.

If one gets hacked and stolen, it doesn’t affect their business model much at all. Considering Bird is worth $2 billion and Lime is worth $1.1 billion, losing a couple of $500 scooters does not matter. Plus, each scooter brings in only $15 a day.

If you live in the United States and use e-scooters on a regular basis, you don’t have to worry about the starting/stopping hack seen in the Xiaomi M365.

Only a couple of hooligans might utilize such a tool. Instead, hackers are more likely to be roaming the streets and stealing the e-scooters for themselves. However, even this threat hasn’t been great enough for e-scooter rental companies to take action.

