
Xiaomi M365 scooters can be hacked and managed remotely

Xiaomi M365 electric scooters are vulnerable. The security problem in these vehicles was discovered by expert Reni Idan from Zimperium, a company that sells exploits. The flaw is serious enough to let an attacker remotely control a scooter, making it suddenly slow down or accelerate.

The problem lies in how Xiaomi M365 users are authenticated. The password required to authenticate to the scooter is used incorrectly: it is checked only on the application side.

The scooter itself does not monitor the authentication process, which leads to a serious bug – all commands can be executed without the need to enter a password.
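The difference between an app-side check and a device-side check can be shown with a small model. This is an added example, not Xiaomi's protocol or Zimperium's proof-of-concept; the class names, command names, salt and password are all constructed for illustration.

```python
import hashlib
import hmac
import secrets

# Constructed model: command names, salt and passwords are illustrative only.
PRIVILEGED = {"lock", "unlock", "set_speed_limit", "update_firmware"}


class AppOnlyCheckDevice:
    """Flawed pattern from the article: the device never sees the password."""

    def handle(self, command: str) -> str:
        return "executed"  # a client that skips the app's prompt still gets through


class DeviceEnforcedAuth:
    """Device-side check: a per-session challenge must be answered first."""

    def __init__(self, password: bytes):
        self._key = hashlib.pbkdf2_hmac("sha256", password, b"device-salt", 100_000)
        self._nonce = None
        self._authenticated = False

    def challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)  # fresh nonce defeats replayed proofs
        self._authenticated = False
        return self._nonce

    def respond(self, proof: bytes) -> bool:
        if self._nonce is None:
            return False
        expected = hmac.new(self._key, self._nonce, hashlib.sha256).digest()
        self._nonce = None  # one attempt per challenge
        self._authenticated = hmac.compare_digest(expected, proof)
        return self._authenticated

    def handle(self, command: str) -> str:
        if command in PRIVILEGED and not self._authenticated:
            return "rejected"
        return "executed"


def client_proof(password: bytes, nonce: bytes) -> bytes:
    """What a legitimate app computes from the password the user typed."""
    key = hashlib.pbkdf2_hmac("sha256", password, b"device-salt", 100_000)
    return hmac.new(key, nonce, hashlib.sha256).digest()
```

In the second class the decision to run a privileged command is made by the device, so a client that never shows a password prompt gains nothing by skipping it.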

To demonstrate the attack vector, the researcher first conducted a DoS attack on the M365 and then laid the groundwork for installing a malicious version of the firmware, which gives an attacker complete control over the scooter.

Zimperium has also created proof-of-concept code in the form of a malicious application. This application can search for nearby Xiaomi M365 scooters and then exploit the vulnerability found in these devices.

The attack itself can be seen in the video below:


About Daniel Zimmermann

Daniel Zimmermann has been writing on security and malware subjects for many years and has been working in the security industry for over 10 years. Daniel was educated at the Saarland University in Saarbrücken, Germany and currently lives in New York.
