The problem lies in how Xiaomi M365 users are authenticated. The password required for authentication in the scooter system is used incorrectly: it is checked only on the application side.
The scooter itself does not keep track of the authentication process, which leads to a serious bug: all commands can be executed without entering a password.
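The difference between checking the password only in the app and enforcing it on the device can be modelled as below. This is an added illustration, not Xiaomi's or Zimperium's code; the command names, the challenge-response scheme, the salt and the passwords are assumptions constructed for the example.

```python
import hashlib
import hmac
import os

# Hypothetical command names; the real M365 command set is not shown on this page.
PRIVILEGED = {"lock", "unlock", "set_password", "firmware_update"}
SALT = b"constructed-salt"  # constructed sample value

def derive_key(password: str) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

def app_response(password: str, nonce: bytes) -> bytes:
    """What a legitimate app would send back for a device challenge."""
    return hmac.new(derive_key(password), nonce, hashlib.sha256).digest()

class Scooter:
    """Toy device model. enforce_on_device=False mirrors the flaw described above."""
    def __init__(self, password: str, enforce_on_device: bool):
        self._key = derive_key(password)
        self._enforce = enforce_on_device
        self._nonce, self._authenticated = None, False

    def challenge(self) -> bytes:
        self._nonce = os.urandom(16)  # fresh per attempt, so a response cannot be replayed
        return self._nonce

    def authenticate(self, response: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # single use
        self._authenticated = hmac.compare_digest(expected, response)
        return self._authenticated

    def handle(self, command: str) -> str:
        # The decisive check: it runs on the device, not in the app.
        if self._enforce and command in PRIVILEGED and not self._authenticated:
            return "denied"
        return "executed"

def demo() -> dict:
    flawed = Scooter("constructed-pw", enforce_on_device=False)
    fixed = Scooter("constructed-pw", enforce_on_device=True)
    out = {"flawed_no_auth": flawed.handle("lock"), "fixed_no_auth": fixed.handle("lock")}
    fixed.authenticate(app_response("wrong-guess", fixed.challenge()))
    out["fixed_wrong_pw"] = fixed.handle("lock")
    fixed.authenticate(app_response("constructed-pw", fixed.challenge()))
    out["fixed_right_pw"] = fixed.handle("lock")
    return out
```

Calling `demo()` shows that the model with app-side checking executes a privileged command with no authentication at all, while the device-enforcing model refuses it until a valid response to its challenge has been received.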
To demonstrate the attack vector, the researcher first carried out a DoS attack on the M365 and then laid the groundwork for installing a malicious version of the firmware, which gives complete control over the scooter.
Zimperium has even created proof-of-concept code in the form of a malicious application. This application can search for nearby Xiaomi M365 scooters and then exploit the vulnerability found in these devices.
The attack itself can be seen in the video below: