
Xiaomi M365 scooters can be hacked and managed remotely

Xiaomi M365 electric scooters are vulnerable. The security problem in these vehicles was discovered by expert Reni Idan from Zimperium, a company that sells exploits. The flaw is serious enough to let an attacker control the scooters remotely, suddenly slowing down or accelerating the vehicle.

The problem lies in the way Xiaomi M365 users are authenticated. The password required for authentication to the scooter is used incorrectly: it is checked only on the application side.

The scooter itself does not monitor the authentication process, which leads to a serious bug – all commands can be executed without the need to enter a password.
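The difference between app-side and device-side enforcement can be shown with a small model of a command handler. This is an added example, not Xiaomi's firmware or Zimperium's code; the command IDs, status codes, password value and lockout limit are all hypothetical and constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical command IDs and status codes, constructed for this example. */
enum { CMD_AUTH = 1, CMD_LOCK = 2, CMD_FW_UPDATE = 3 };
enum { ST_OK = 0, ST_DENIED = 1, ST_BAD_CMD = 2 };

typedef struct {
    int authenticated;   /* per-connection state held on the device */
    int failed_attempts; /* simple lockout counter */
} session_t;

static const char DEVICE_PW[] = "constructed-pw"; /* sample value only */
#define MAX_FAILS 3

/* Constant-time compare so timing does not reveal how many bytes matched. */
static int ct_equal(const uint8_t *a, size_t alen, const uint8_t *b, size_t blen) {
    uint8_t diff = (uint8_t)(alen != blen);
    for (size_t i = 0; i < blen; i++)
        diff |= (uint8_t)((i < alen ? a[i] : 0) ^ b[i]);
    return diff == 0;
}

/* Flawed design described in the article: the device runs any valid command
   and relies on the phone app to have asked for the password. */
int handle_flawed(session_t *s, uint8_t cmd, const uint8_t *arg, size_t len) {
    (void)s; (void)arg; (void)len;
    return (cmd >= CMD_AUTH && cmd <= CMD_FW_UPDATE) ? ST_OK : ST_BAD_CMD;
}

/* Hardened design: the device checks the password itself and gates every
   other command on its own session state. */
int handle_hardened(session_t *s, uint8_t cmd, const uint8_t *arg, size_t len) {
    if (cmd == CMD_AUTH) {
        if (s->failed_attempts >= MAX_FAILS) return ST_DENIED;
        if (ct_equal(arg, len, (const uint8_t *)DEVICE_PW, strlen(DEVICE_PW))) {
            s->authenticated = 1;
            s->failed_attempts = 0;
            return ST_OK;
        }
        s->failed_attempts++;
        return ST_DENIED;
    }
    if (cmd != CMD_LOCK && cmd != CMD_FW_UPDATE) return ST_BAD_CMD;
    return s->authenticated ? ST_OK : ST_DENIED;
}

int main(void) { session_t s = {0, 0}; return handle_hardened(&s, CMD_LOCK, NULL, 0) != ST_DENIED; }
```

In the hardened handler a firmware-update or lock command sent on a fresh connection is refused no matter which client sends it, because the decision is made from state the device keeps itself.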

To demonstrate the attack vector, the researcher first conducted a DoS attack on the M365, and then prepared the foundation for installing a malicious version of the firmware, which gives an attacker complete control over the scooter.

Zimperium has even created proof-of-concept code in the form of a malicious application. This application can search for nearby Xiaomi M365 scooters and then exploit the vulnerability found in these devices.

The attack itself can be seen in the video below:


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
