Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks
July 19, 2017
Hackers can exploit vulnerabilities in Segway hoverboards to take control of controller firmware, remove rider detection and cause accidents.
A hacker could cause serious injuries to hoverboard riders by abruptly stopping the scooters while they are in motion.
A research note published by security consulting firm IOActive details how hackers can exploit critical security vulnerabilities in the Segway/Ninebot MiniPRO hoverboards to bypass safety systems, remotely take control of devices, change settings, and control the pace and direction of such hoverboards.
Such vulnerabilities may also allow a hacker to abruptly stop a hoverboard while it is in motion, resulting in a violent fall for the rider.
Thomas Kilbride, Embedded Devices Security Consultant at IOActive, conducted the research and concluded that these hoverboards carry serious security vulnerabilities which allow hackers to take control of and manage them.
Using reverse engineering and protocol analysis, he was able to perform a firmware update of the scooter’s control system without authentication and modify the controller firmware to remove rider detection.
Kilbride was also able to determine the location of riders in an area, as they were indexed using their smartphone's GPS. So if a hacker wanted to harm a particular rider, he could trace that rider's hoverboard, hijack it and control it without the rider's knowledge.
The firm said that in order to plug such vulnerabilities, hoverboard makers need to strengthen their device firmware by introducing measures such as firmware integrity checking, encryption, and PIN authentication.
Kilbride also said that because there are no regulations centered on firmware integrity and validation in devices, even though these are integral to the safety of the system, modern devices are vulnerable to cyber-attacks.
IOActive had informed Segway/Ninebot about these vulnerabilities, following which the company released an update to plug some of them.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.