샤오미 전기 스쿠터의 치명적 결함 VIDEO:Terrifying flaw lets hackers remotely accelerate or hit the brakes on popular electric scooters

Terrifying flaw lets hackers remotely accelerate or hit the brakes on popular electric scooters

Zimperium said several popular ride-sharing services use M365 scooters, but it's unclear how many are currently in use in the U.S. 

Researchers from Zimperium discovered a flaw in Xiaomi's M365 scooter app

Hackers can control the scooter by connecting to it via Bluetooth, thereby letting them remotely hit the brakes, suddenly accelerate and lock the device

Zimperium said M365 scooters are used by many popular ride-sharing services 

샤오미 전기 스쿠터의 치명적 결함 블르투스 모드에서 해커들에 의해 원격 조종 가능    연구원들은 인기 있는 전기 스쿠터들이 해커들에 의해 원격으로 조종되는 것을 우려하는 걱정스러운 결함을 발견했다.  모바일 보안 회사인 Zimperium은 샤오미의 M365 스쿠터의 보안 취약성으로 인해 누구라도 기기를 잠글 수 있고 브레이크를 밟으며 기기가 갑자기 가속될 수 있다고 경고했다. 이 결함은 사용자가 장치를 원격으로 제어할 수 있게 해주는 스쿠터의 블루투스 모듈에 있다.  예를 들어 블루투스를 사용하면 고객은 앱에 스쿠터를 핸즈프리 상태로 잠글 수 있다 황기철 콘페이퍼 에디터 큐레이터 Ki Cheol Hwang, conpaper editor, curator

edited by kcontents

By ANNIE PALMER FOR DAILYMAIL.COM

PUBLISHED: 20:19 GMT, 12 February 2019 | UPDATED: 20:50 GMT, 12 February 2019

Security researchers discovered a worrying flaw in popular e-scooters that leaves them open to being remotely controlled by hackers. 

Mobile security firm Zimperium has warned that a security vulnerability in Xiaomi's M365 scooter could let anyone savvy enough lock the device, hit the brakes and even cause the device to suddenly accelerate. 

The flaw resides in the scooter's Bluetooth module, which lets users control the device remotely. 

For example, using Bluetooth, customers can lock the scooter on the app handsfree. 

Rani Idan, a security researcher at Zimperium, found that a hacker could easily connect to the scooter with Bluetooth and without having to enter a password. 

'The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state,' Idan said. 

Rani Idan, a security researcher at Zimperium, found that a hacker could easily connect to Xiaomi's M365 scooters with Bluetooth and without having to enter a password

'Therefore, we can use all of these features without the need for authentication.'

Idan and the other researchers then took it a step further and exploited this flaw to install malware on the scooter. 

The scooter didn't recognize that unauthorized software had been installed onto it. 

View Full Text

https://www.dailymail.co.uk/sciencetech/article-6696975/Terrifying-flaw-lets-hackers-remotely-accelerate-hit-brakes-popular-electric-scooters.html

kcontents