Saturday, December 2, 2023

E-Scooters Can Be Hacked Using Remote Locking System Manipulation

Electric scooters, also called e-scooters, are a popular method of transportation in large cities.

They are small, portable, and can zip around sidewalks and in between pedestrians with ease. Unfortunately, their popularity isn’t just with law-abiding citizens.

Xiaomi M365 scooters were Vulnerable to Hack

A research conducted in Last year by Zimperium scooter companies like , Lime, and Bird discovered individuals were able to hack into the machines and make them perform a variety of actions without a rider’s knowledge.

One of the most significant studies was completed by Zimperium in last year, a mobile security company, they tested multiple Xiaomi M365 scooters and discovered the electronic system could be hacked.

The hacker could force the scooter to speed up, slow down, or stop completely at will.

The hack is done by accessing the Bluetooth app utilized by the Xiaomi M365, which was designed to allow users to remotely lock their scooter.

This hack is troubling news for the manufacturer of the Xiaomi M365. It could be utilized from over 100 meters (328 ft.) away and lock multiple scooters at once or just mess with a single one.

The Xiaomi M365 is one of the most popular models used by electric scooter rental companies around the world and in the United States.

Being able to affect the function of the scooter is not the only thing hackers can do. Someone with enough technical experience can force an e-scooter to stop, deactivate the brakes, and then put it in their vehicle to take away. Once the hacker is at a secure location, it is possible to remove the internal hardware and reprogram it for personal use.

Kit for hacking an e-scooter

It sounds like a fantasy, but it has been done numerous times around the world. A complete kit for hacking an e-scooter is available online for roughly $48, a fraction of the cost of an expensive e-scooter.

Someone unscrupulous enough would have an easy time making a Xiaomi M365 their own without investing too much time, money, or energy into the crime.

Of course, not all of the companies are worried. For Lime and Bird, the situation does not seem to be a problem at all despite multiplecontroversies.

First, although these companies do use the Xiaomi M365 -the preferred model of several rental companies, isolating and hacking an individual scooter in the city is not as easy as it sounds.

Someone would need to have a target in mind, figure out who is using it, and then monitor it until there are few witnesses to see the hack and theft.

Second, the kit necessary to completely rewire the scooters can only be purchased online from China and takes eight weeks to arrive.

Even if a hacker is interested in one of the scooters, it would take a long time for their plan to come to fruition.

Plus, the loss of a single scooter doesn’t matter much to such massive companies, which brings us to our final point.

Finally, Lime and Bird are not interested in hackers because it doesn’t affect their bottom line.

E-scooters are more environmentally friendly than many other transportation methods but they have inordinate maintenance costs. People don’t return the scooters to their designated areas, which means the companies need to send people in vans out to collect them.

This means companies like Lime and Bird need to invest more time, money, and gasoline into having the e-scooters brought back to their rental locations and charging stations.

This can mean a scooter is operating at a loss for the day if it didn’t make enough money to cover maintenance.

The bottom line? Stolen scooters can actually save the rental companies money. Lime, Bird, and others make their money back from buying the e-scooters in a couple of weeks, so then they just end up paying maintenance costs.

If one gets hacked and stolen, it doesn’t affect their business model much at all. Considering Bird is worth $2 billion and Lime is worth $1.1 billion, losing a couple of $500 scooters does not matter. Plus, each scooter brings in only $15 a day.

If you live in the United States and use e-scooters on a regular basis, you don’t have to worry about the starting/stopping hack seen in the Xiaomi M365.

Only a couple of hooligans might utilize such a tool Instead, hackers are more likely to be roaming the streets and stealing the e-scooters for themselves. However, even this threat hasn’t been great enough for e-scooter rental companies to take action.


Latest articles

Active Attacks Targeting Google Chrome & ownCloud Flaws: CISA Warns

The CISA announced two known exploited vulnerabilities active attacks targeting Google Chrome & own...

Cactus Ransomware Exploiting Qlik Sense code execution Vulnerability

A new Cactus Ransomware was exploited in the code execution vulnerability to Qlik Sense...

Hackers Bypass Antivirus with ScrubCrypt Tool to Install RedLine Malware

The ScrubCrypt obfuscation tool has been discovered to be utilized in attacks to disseminate the RedLine Stealer...

Hotel’s Hacked Logins Let Attacker Steal Guest Credit Cards

According to a recent report by Secureworks, a well-planned and advanced phishing attack was...

Critical Zoom Vulnerability Let Attackers Take Over Meetings

Zoom, the most widely used video conferencing platform has been discovered with a critical...

Hackers Using Weaponized Invoice to Deliver LUMMA Malware

Hackers use weaponized invoices to exploit trust in financial transactions, embedding malware or malicious...

US-Seized Crypto Currency Mixer Used by North Korean Lazarus Hackers

The U.S. Treasury Department sanctioned the famous cryptocurrency mixer Sinbad after it was claimed...

API Attack Simulation Webinar

Live API Attack Simulation

In the upcoming webinar, Karthik Krishnamoorthy, CTO and Vivek Gopalan, VP of Products at Indusface demonstrate how APIs could be hacked.The session will cover:an exploit of OWASP API Top 10 vulnerability, a brute force account take-over (ATO) attack on API, a DDoS attack on an API, how a WAAP could bolster security over an API gateway

Related Articles