In a report shared with Hack Hex, researchers from Zimperium say they have discovered a vulnerability in the Xiaomi M365 Folding Electric Scooter that could potentially put riders' lives at risk.
The M365 Electric Scooter comes with a mobile app that communicates with the scooter over Bluetooth, allowing riders to change the password, enable the anti-theft system, use cruise control, update the firmware, and view other statistics.
The researchers found that, because the scooter does not properly validate the password, an attacker up to 100 meters away could send unauthenticated commands to the scooter without the password.
“During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password,” Rani Idan explains in a report shared with Hack Hex.
By exploiting this issue, an attacker can perform the following attacks:
- Locking Scooters: a denial-of-service attack in which an attacker can lock any M365 scooter in the middle of traffic.
- Deploying Malware: the app allows riders to upgrade the scooter's firmware, so an attacker can also push firmware to take full control of the scooter.
- Targeted Attack: attackers can target an individual rider and cause the scooter to suddenly brake or accelerate.
To demonstrate these attacks, researchers developed a proof-of-concept (PoC) application that scans for Xiaomi M365 scooters and locks them by using the anti-theft feature, without the victim’s knowledge.
“The app sends a crafted payload using the correct byte sequence to issue a command that will lock any nearby scooter in the distance of up to 100 meters away,” the researchers say. They also developed an application for installing firmware capable of accelerating the scooter, but due to safety concerns, they will not publish it.
The reports were shared with Xiaomi two weeks ago. The Chinese company acknowledged them, saying that its team is working on a fix to address the issue. M365 Electric Scooter riders are advised to install the patches as soon as they become available.
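As an added illustration of the flaw class described above (not Zimperium's PoC and not Xiaomi's firmware or fix), the Python model below contrasts a device that executes commands without checking the password with one that verifies a per-command proof itself. All class, function and command names are hypothetical, and the challenge-response scheme is an assumed design.

```python
import hashlib
import hmac
import secrets

# Hypothetical command names modelled on the features the article lists;
# they are NOT the scooter's real protocol opcodes or byte sequences.
PRIVILEGED = {"lock", "set_password", "cruise_control", "update_firmware"}

def derive_key(password: str) -> bytes:
    # Constructed salt; a real device would use a per-device random salt.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"constructed-salt", 100_000)

def client_proof(password: str, nonce: bytes, command: str) -> bytes:
    """What a legitimate app sends: HMAC over the device's nonce and the command."""
    return hmac.new(derive_key(password), nonce + command.encode(), hashlib.sha256).digest()

class VulnerableScooter:
    """The flaw as reported: the device executes whatever it receives and
    never consults the password."""
    def __init__(self, password: str):
        self.password = password  # stored, never checked on this side
        self.locked = False

    def handle(self, command: str, proof: bytes = b"") -> str:
        if command == "lock":
            self.locked = True
        return "ok"

class HardenedScooter:
    """Device-side enforcement: each privileged command must carry a proof
    bound to a fresh single-use nonce and to the command itself."""
    def __init__(self, password: str):
        self._key = derive_key(password)
        self._nonce = None
        self.locked = False

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle(self, command: str, proof: bytes = b"") -> str:
        nonce, self._nonce = self._nonce, None  # consume: blocks replay
        if command in PRIVILEGED:
            if nonce is None:
                return "denied"
            expected = hmac.new(self._key, nonce + command.encode(), hashlib.sha256).digest()
            if not hmac.compare_digest(expected, proof):
                return "denied"
        if command == "lock":
            self.locked = True
        return "ok"
```

Binding the proof to both the nonce and the command name means a captured proof cannot be replayed, nor reused to authorise a different command such as a firmware update.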