My Scooter: a fault helps take control of the Xiaomi remote electric scooters

The security breach allows the piracy of Xiaomi My Scooter to control them remotely, without going through ID  and password.

My scooter XiaomiThe Chinese giant Xiaomi recently proposed the Mi Scooter, an electric scooter that can be controlled remotely through a dedicated application. The machine is quite practical every day and is an excellent alternative to bicycles and motorcycles of all kinds. However, it has a defect and not less important. According to a study conducted by computer security researchers at Zimperium, Inc., the My Scooter is vulnerable to hacking due to a critical security vulnerability in its Bluetooth connection.

A dangerous flaw for the users of the Xiaomi Mi Scooter.
The result of the analysis carried out by Zimperium is a little worrisome for the users of the Xiaomi Mi Scooter. Apparently, it would be easy to hack the electric scooter 100 meters away. The pirate will not need to touch the ship for that. It will be enough to exploit the fault located in the Bluetooth system, a system that includes the parameters related to the updates and the configuration of the anti-theft device and the speed. To access it, it will be necessary to use an application whose access is protected by password. Unfortunately, "the password is validated only on the application side, but the scooter itself does not track authentication."

In other words, it is possible to connect directly to the My Scooter without going through this application. This is what the researchers did when developing another application that allowed them to remotely block the anti-theft of the scooters present in a radius of 100 meters. But hackers could do even worse.


Post a Comment