Hackers Could Easily Conduct Keep Remote Command Of Your Segway Hoverboards

If you lot are hoverboard rider, you lot should locomote concerned nearly yourself.

Thomas Kilbride, a security researcher from security draw of piece of occupation solid IOActive, receive got discovered several critical vulnerabilities inwards Segway Ninebot miniPRO that could locomote exploited yesteryear hackers to remotely accept "full control" over the hoverboard inside hit as well as exit riders out-of-control.

Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electrical scooter, also known every bit SUV of hoverboards, which also allows it riders to command the hoverboard yesteryear a Ninebot smartphone app remotely.

Ninebot smartphone app allows riders to adapt lite colours, modify security features, locomote vehicle diagnostics, railroad train anti-theft alarms, as well as fifty-fifty remotely commanding the miniPRO scooter to move.

But the security of powerful miniPRO was thence ill that Thomas hardly took xx seconds to hack it as well as hijack remote command of it.

In a weblog shipping published today, Thomas has disclosed a serial of critical security vulnerabilities inwards Segway's miniPRO scooter, as well as nosotros receive got compiled them inwards a simple, understandable format below:

• Security PIN Bypass — H5N1 potential assaulter tin halt role the modified version of the Nordic UART app to connect Segway Ninebot miniPRO via Bluetooth without requiring whatever security PIN.

• Unencrypted Communications — Ninebot App & the Hoverboard communicates over an unencrypted channel, allowing a remote assaulter to perform man-in-the-middle attacks as well as inject malicious payloads.

• No Firmware Integrity Verification — Lack of unencrypted communication as well as Firmware integrity verification machinery to abide by unauthorised changes allows an assaulter to force malicious firmware update.

• Reveal GPS Location of Nearby Riders — GPS characteristic inwards Ninebot App known every bit "Rider Nearby," which lets users to uncovering other nearby miniPro riders inwards the real-time, exposes hoverboard place through the phone's GPS publicly to potential attackers as well as thieves.

If exploited, these vulnerabilities could at i fourth dimension locomote used to disrupt the device's settings, speed, the administration of get as well as internal motor.

Thomas has also provided a video demonstration showing how he was able to force the malicious firmware update to the miniPro, leaving the device opened upwardly to farther hacks.

These vulnerabilities were discovered belatedly final twelvemonth yesteryear Thomas, which was thence patched yesteryear Ninebot inwards Apr this twelvemonth later the researcher responsibly reported the company.

Share This :