Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Hackers can exploit vulnerabilities in Segway hoverboards to take control of controller firmware, remove rider detection and cause accidents.

If he wants, a hacker can cause serious injuries to hoverboard riders by abruptly stopping the scooters when they are in motion.

A research note published by security consulting firm IOActive has detailed out how hackers can exploit critical security vulnerabilities in the Segway/Ninebot MiniPRO Hoverboards to bypass safety systems, remotely take control of devices, change settings and control pace and direction of such hoverboards.

Routers to toys, is the smart home really just an unsafe home?

Such vulnerabilities may also allow a hacker to abruptly stop a hoverboard while it is in motion, resulting in a violent fall for the rider.

Thomas Kilbride, Embedded Devices Security Consultant at IOActive, conducted the research and concluded that the said hoverboards carry serious security vulnerabilities which allow hackers to take control of and manage them.

Using reverse engineering and protocol analysis, he was able to perform a firmware update of the scooter’s control system without authentication and modify the controller firmware to remove rider detection.

Kilbride was also able to determine the location of riders in an area as they were indexed using their smart phone’s GPS. So if a hacker wanted to harm a particular rider, he could trace his hoverboard, hijack it and control it without the rider’s knowledge.

WiMax router vulnerability lets hackers track customers’ internet activities

The firm said that in order to plug such vulnerabilities, hoverboard makers need to strengthen their device firmware by introducing steps like firmware integrity checking, encryption, and PIN authentication.

Kilbride also said that since there are no regulations centered on firmware integrity and validation in devices despite being integral to the safety of the system, modern devices are vulnerable to cyber-attacks.

IOActive had informed Segway/Ninebot about the said vulnerabilities, following which the company released an update to plug some of them.

Copyright Lyonsdown Limited 2021

Top Articles

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Hackers Breach Electronic Arts & Steal Game Code

Electronic Arts, one of the world's biggest video game publishers including games such as FIFA, Madden, Sims and Medal of Honor, are the latest company to be hacked.

JBS Foods paid £7.7m in ransom to REvil ransomware gang

JBS Foods, the world’s largest processor of beef and poultry products, has admitted to paying a ransom of $11 million to cyber criminals, a week after it announced that operations…

Related Articles

[s2Member-Login login_redirect=”” /]