Popular Electric Scooters Available Through Ride-Sharing Apps Can Be Hacked

Home > News > Content

【Summary】If you thought autonomous vehicles would be the only machines that could be hacked, you’re wrong. Researchers from Zimperium found that the Xiaomi M365 electric scooter could be hacked to accelerate or brake.

Original Vineeth Joel Patel    Mar 27, 2019 7:00 AM PT
Popular Electric Scooters Available Through Ride-Sharing Apps Can Be Hacked

Hacking is one of the major concerns regarding autonomous vehicles. It's something a lot of American drivers aren't too sure about. In a report that came out last October, Morning Consult and Politico found that 75 percent of individuals that were surveyed stated they were afraid of hackers remotely accessing or taking over their vehicle. Unfortunately, it looks like cars aren't the only things that can be hacked. 

Researchers Hacked A Popular Scooter Brand

Earlier this week, Zimperium, a leading mobile security firm that's based out of Delaware, released a video revealing how its researchers were able to hack an electric scooter that's popular with ride-sharing services. By exposing and utilizing a flaw in the machine's Bluetooth module, researchers at the firm were able to get the electric scooter to accelerate or brake without any input from the actual user. 

The scooter in question is the Xiaomi M365 scooter. It has become a popular option with ride-sharing companies because of its ability to be remotely locked and unlocked via an application. While this makes it convenient for users to use the electric scooters, it's where the weak spot is. 

As Zimperium's researchers revealed, it's through this functionality that hackers can target any individuals riding a Xiaomi M365 and make the machine accelerate and brake or even lock the device. More alarmingly, researchers found that they could remotely access the scooters from roughly 328 feet away. 

Zimperium claims that it reported the issue to Xiaomi. 

Trouble Surrounding Electric Scooters

The Xiaomi M365 is a popular scooter. As The Verge outlines, Bird uses the machine, though the company claims that none of its M365 scooters are affected by the vulnerability. Lime told the outlet that it doesn't have any M365 scooters in its lineup. 

"It might have implications on any ride-sharing service that uses Xiaomi scooters but didn't disable or replace Xiaomi's Bluetooth model," Rani Idan, security researcher and director of Platforms at Zimperium, told The Verge in an email. "Moreover, Xiaomi scooters are rebranded and sold under different names, those might be affected." 

While hacking scooters hasn't made headlines recently, the amount of scooters on the road has. With so many companies coming out with electric scooters in San Francisco, California, the city came out with a permit program. Only Skip and Scoot were given the green light to participate in a one-year program in the city. 

Start ups like Bird, Skip, Scoot, and Lime may be major players in the electric-scooter industry, but larger companies like Uber, has come to the conclusion that electric scooters and electric bicycles are the way forward for short urban trips. When Uber finally comes out with its scooters, you can be sure that there will a lot more machines on the road. And if hacking is possible now, the situation will be much worse when more machines are available. 

Prev                  Next
Writer's other posts
    Related Content