Xiaomi M365 Electric Scooter Vulnerable to Remote Hacking
A security expert has discovered a flaw that could allow remote control of the Xiaomi M365 electric scooter to control acceleration and braking.
The problem of including very innovative technological products in our day to day life is that we can find continuous security failures in many of these. It is normal, and manufacturers must fight to make this number of failures as small as possible. In fact, many of these failures we do not notice even in day to day, but when it comes to a popular product, the risk increases.
It is the case of the famous Xiaomi M365 scooter. The Xiaomi M365 is one of the most popular electric scooter models of the moment because of its very good price/quality ratio. It includes the fleets of some rental services. But bad news, a security researcher at Zimperium has discovered a flaw that could allow a hacker to take complete control at a distance to accelerate or brake the scooter. In the question, the process of password authentication that is done via Bluetooth communications.
“During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password,” Zimperium said in the research findings. “The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state.”
The hack works up to 100 meters away
As CNET first reported, by exploiting this flaw, Zimperium claims to have been able to interact with the M365’s anti-theft system, cruise control, and eco mode, as well as update its firmware, all without prior authentication.
The video below is a proof of concept of this piracy where we see a hacker block the scooter when his user is about to cross the road. According to the company, the takeover can be up to 100 meters away.
The fault exposed by Zimperium is similar to that discovered in 2017 on a Segway hoverboard. IOActive had then demonstrated that it could remotely access the device by manually sending commands to the Segway application via Bluetooth without the need for authentication. Zimperium says they informed Xiaomi of the problem.
Xiaomi sent a statement saying that “Xiaomi takes the utmost care in the design and manufacture of its products, and takes the feedback of its users and the safety of his community very seriously. That’s why, as soon as we were informed of the possibility for malicious hackers, to take remote control of running scooters, we started to work on a solution to fix it and block access to any non-application. In parallel, Xiaomi’s product and security teams are preparing an OTA update that will be available as soon as possible. We are fully committed to the constant improvement of our products and services, in particular, based on the feedback received, to offer products that are always efficient and safer.”
The M365 electric scooter of Xiaomi is one of the most popular today, and the conduction of it is done by communication via Bluetooth. This vulnerability could represent a global failure, allowing attacks of denial of service to block the device, deploy a malware or install the malicious firmware like the one made by Zimperium, or execute a targeted attack, the researchers warn.