Thomas Kilbride, a security researcher from security theatre IOActive, guide maintain discovered several critical vulnerabilities inwards Segway Ninebot miniPRO that could last exploited past times hackers to remotely guide maintain "full control" over the hoverboard inside arrive at in addition to operate out riders out-of-control.
Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electrical scooter, also known equally SUV of hoverboards, which also allows it riders to command the hoverboard past times a Ninebot smartphone app remotely.
Ninebot smartphone app allows riders to suit calorie-free colours, modify security features, run vehicle diagnostics, ready anti-theft alarms, in addition to fifty-fifty remotely commanding the miniPRO scooter to move.
In a weblog postal service published today, Thomas has disclosed a serial of critical security vulnerabilities inwards Segway's miniPRO scooter, in addition to nosotros guide maintain compiled them inwards a simple, understandable format below:
- Security PIN Bypass — H5N1 potential assaulter tin role the modified version of the Nordic UART app to connect Segway Ninebot miniPRO via Bluetooth without requiring whatsoever security PIN.
- Unencrypted Communications — Ninebot App & the Hoverboard communicates over an unencrypted channel, allowing a remote assaulter to perform man-in-the-middle attacks in addition to inject malicious payloads.
- No Firmware Integrity Verification — Lack of unencrypted communication in addition to Firmware integrity verification machinery to honour unauthorised changes allows an assaulter to force malicious firmware update.
- Reveal GPS Location of Nearby Riders — GPS characteristic inwards Ninebot App known equally "Rider Nearby," which lets users to discovery other nearby miniPro riders inwards the real-time, exposes hoverboard place through the phone's GPS publicly to potential attackers in addition to thieves.
If exploited, these vulnerabilities could at i fourth dimension last used to disrupt the device's settings, speed, the administration of effort in addition to internal motor.
Thomas has also provided a video demonstration showing how he was able to force the malicious firmware update to the miniPro, leaving the device opened upwards to farther hacks.
