A security flaw in Segway scooters could allow hackers to topple riders using just their smartphone.
Hackers could remotely control scooters - also called hoverboards - due to a number of vulnerabilities which researchers have found in several Segway models.
While hoverboards were in the news a few years ago after several models were overcharging and catching fire, now it is the digital insecurity of the devices which could endanger riders.
The software flaws found in scooters could allow attackers to bypass the scooters' safety systems and completely override the riders' manual control.
This could even include shutting off the engine while the device was travelling at a high speed, potentially injuring or even killing the rider.
While regulations in the US require scooters to meet mechanical and electrical specifications to avoid battery fires and mechanical failures, there are no regulations regarding the software which controls the device.
This type of software, known as firmware, is "integral to the safety of the system" according to Thomas Kilbride, a security consultant at IOActive who led the research.
"As my research indicates, this lack of regulation could lead to a number of dangerous situations," he said.
Mr Kilbride's research - which included reverse engineering Segway's firmware and analysing the protocols that the devices used to communicate - found "a number of worrisome security threats."
He found that, because Segway riders in an area were publicly indexed by their smartphone's GPS, scooters in a single area "could be found, tracked, hijacked, and controlled without the rider's knowledge."
IOActive said that it had disclosed the vulnerabilities to Segway/Ninebot in January, and that the company has now released a software update addressing the critical issues.