13 Feb 2019

The Xiaomi electric scooter has a remarkable market share and is used by various brands with some modifications. Smart devices like these make our lives faster and more organized, but any insecurity in them is sure to ruin your life.

Those who use electric scooters must be concerned, as security researchers at Zimperium have discovered a serious vulnerability in the M365 Folding Electric Scooter by Xiaomi which can put the lives of riders at risk.

The Xiaomi M365 Electric Scooter has a mobile app that uses password-protected Bluetooth communication, permitting riders to securely communicate with their scooters remotely for various tasks such as changing the password, enabling the anti-theft system, cruise control and eco mode, updating the scooter’s firmware, and viewing real-time riding statistics.

The researchers found that the password is not validated properly at the scooter’s end, so a remote attacker around 100 meters away can send unauthenticated commands over Bluetooth to a targeted vehicle without using any user-defined password.
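The difference between a password checked only by the app and one enforced by the scooter can be shown with a small model. This is an added example, not code from Zimperium or Xiaomi: the command names, the `ScooterModel` class and the HMAC challenge-response scheme are assumptions chosen for illustration and do not reflect the M365 wire protocol.

```python
import hashlib
import hmac
import os

# Hypothetical command names; not the M365 protocol.
PRIVILEGED = {"lock", "unlock", "set_password", "update_firmware"}

class ScooterModel:
    """Constructed model of a scooter-side Bluetooth command handler."""

    def __init__(self, password: bytes, enforce_on_device: bool):
        self._key = password              # assumption: shared secret set at pairing
        self.enforce_on_device = enforce_on_device
        self._challenge = None
        self._authenticated = False
        self.locked = False

    def new_challenge(self) -> bytes:
        # Fresh nonce per connection so a captured response cannot be replayed.
        self._challenge = os.urandom(16)
        self._authenticated = False
        return self._challenge

    def authenticate(self, response: bytes) -> bool:
        if self._challenge is None:
            return False
        expected = hmac.new(self._key, self._challenge, hashlib.sha256).digest()
        self._challenge = None            # each challenge is single use
        self._authenticated = hmac.compare_digest(expected, response)
        return self._authenticated

    def handle(self, command: str) -> str:
        # The check that matters: it runs on the device, not in the app.
        if self.enforce_on_device and command in PRIVILEGED and not self._authenticated:
            return "rejected"
        if command == "lock":
            self.locked = True
        elif command == "unlock":
            self.locked = False
        return "ok"

def app_response(password: bytes, challenge: bytes) -> bytes:
    """Response a legitimate app that knows the password would send."""
    return hmac.new(password, challenge, hashlib.sha256).digest()

if __name__ == "__main__":
    weak = ScooterModel(b"rider-pass", enforce_on_device=False)
    hardened = ScooterModel(b"rider-pass", enforce_on_device=True)
    print("app-side check only:", weak.handle("lock"))        # accepted without a password
    print("device-side check:  ", hardened.handle("lock"))    # rejected until authenticated
```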

If this issue is exploited, an attacker can do the following:

  • Lock Scooters: This is a type of denial-of-service attack in which the attacker can suddenly lock any M365 scooter in the middle of traffic.
  • Deploying Malware: The app permits the rider to upgrade the scooter’s firmware remotely, so it is also possible for an attacker to insert malicious firmware and take complete control of the scooter.
  • Targeted Attack [Brake/Accelerate]: The remote attacker can target a rider and cause the scooter to suddenly brake or accelerate, causing accidents.

The video below demonstrates one of the attack scenarios. Here, the researchers developed a proof-of-concept (PoC) app that scans for nearby Xiaomi M365 scooters and locks them by using the scooter's anti-theft feature, without the knowledge of the user or any kind of authentication.

The app can send a crafted payload using the correct byte sequence to issue a command to lock any scooter at a distance of up to 100 meters away.

The researchers also developed a PoC app that installs malicious firmware capable of accelerating the scooter. However, this PoC will not be published due to security reasons.

The researchers have already reported the issue to Xiaomi. The company acknowledged the report, said that its team was not aware of the issue, and has started working on a fix.

All M365 Electric Scooter riders are advised to apply the patches when they become available; until then, it is best to avoid riding the scooter rather than take the risk.
