Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks
July 19, 2017
Hackers can exploit vulnerabilities in Segway hoverboards to take control of controller firmware, remove rider detection and cause accidents.
A hacker could cause serious injuries to hoverboard riders by abruptly stopping the scooters while they are in motion.
A research note published by security consulting firm IOActive details how hackers can exploit critical security vulnerabilities in the Segway/Ninebot MiniPRO Hoverboards to bypass safety systems, remotely take control of devices, change settings and control the pace and direction of such hoverboards.
Such vulnerabilities may also allow a hacker to abruptly stop a hoverboard while it is in motion, resulting in a violent fall for the rider.
Thomas Kilbride, Embedded Devices Security Consultant at IOActive, conducted the research and concluded that the hoverboards carry serious security vulnerabilities which allow hackers to take control of and manage them.
Using reverse engineering and protocol analysis, he was able to perform a firmware update of the scooter’s control system without authentication and modify the controller firmware to remove rider detection.
Kilbride was also able to determine the location of riders in an area as they were indexed using their smartphone's GPS. So if a hacker wanted to harm a particular rider, they could trace the rider's hoverboard, hijack it and control it without the rider's knowledge.
The firm said that in order to plug such vulnerabilities, hoverboard makers need to strengthen their device firmware by introducing steps like firmware integrity checking, encryption, and PIN authentication.
Kilbride also said that because there are no regulations centered on firmware integrity and validation in devices, even though these are integral to the safety of the system, modern devices are vulnerable to cyber-attacks.
IOActive informed Segway/Ninebot about these vulnerabilities, following which the company released an update to plug some of them.
Jay Jay is a freelance technology writer for teiss. He has previously written news articles, device reviews and features for Mobile Choice UK website and magazine, as well as writing extensively for SC Magazine UK, Tech Radar, Indian Express, and Android Headlines.