If you live in a decent-size city, you’ve probably noticed a bunch of electric scooters scattered all over town recently. They are the latest form of ride-share type option to get around.
Like bike shares that came first, e-scooters can be rented for a very low price by scanning a barcode on a downloaded app. They have become super popular and are popping up in cities all over the U.S.
But there’s a problem with some of these trendy scooters that you need to know about. They could be dangerous to your health.
Hackers targeting electric scooters
When e-scooters first became available to rent, some people hated them because they were thought to be a nuisance. Thoughtless renters would just leave them piled up along the sidewalk, making them both an eyesore and dangerous for pedestrians trying to safely get by.
Now, things are getting dangerous for renters themselves. That’s because some of the scooters contain a flaw that would let hackers take control, putting riders’ health in peril.
Researchers at Zimperium say they’ve discovered a flaw in the popular M365 scooter from Xiaomi. The bug was found in the scooter’s Bluetooth module that lets riders communicate with the scooter via an app.
It could let a hacker remotely take control of the scooter. Watch the quick demonstration below to see it in action.
As you can see from the video, a hacker could cause serious harm to someone riding on one of these scooters. They could make the scooter speed up and go through a dangerous intersection while cars are driving through. Or, slam on the scooter’s brakes and make you wipe out. Not good!
The problem is with the Bluetooth system. The researcher who discovered it said he was able to connect to the scooter through Bluetooth without having to enter a password.
He was then able to install firmware that included malware on the scooter without a problem. The malware would let a hacker take full control of the scooter’s operation.
This is a common problem with “internet of things” devices. Many internet connected gadgets come with either no password protection or a default password that is easily known by hackers.
Unfortunately, fixing this issue is out of our control when it comes to rental e-scooters. It’s up to Xiaomi to fix the flaw. But that could be a problem. When Zimperium warned the company of the bug, reps told them they didn’t have the ability to fix it on their own. Yikes!
Apparently Xiaomi doesn’t code its Bluetooth module in house. Instead, it outsources it to a third party, and the flaw would need to be fixed by them. Until it’s fixed, to be safe, it’s probably best to stay away from this model of scooter.