Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Critical flaws in Segway Hoverboards leaving them vulnerable to cyber-attacks

Hackers can exploit vulnerabilities in Segway hoverboards to take control of controller firmware, remove rider detection and cause accidents.

If he wants, a hacker can cause serious injuries to hoverboard riders by abruptly stopping the scooters when they are in motion.

A research note published by security consulting firm IOActive has detailed out how hackers can exploit critical security vulnerabilities in the Segway/Ninebot MiniPRO Hoverboards to bypass safety systems, remotely take control of devices, change settings and control pace and direction of such hoverboards.

Routers to toys, is the smart home really just an unsafe home?

Such vulnerabilities may also allow a hacker to abruptly stop a hoverboard while it is in motion, resulting in a violent fall for the rider.

Thomas Kilbride, Embedded Devices Security Consultant at IOActive, conducted the research and concluded that the said hoverboards carry serious security vulnerabilities which allow hackers to take control of and manage them.

Using reverse engineering and protocol analysis, he was able to perform a firmware update of the scooter’s control system without authentication and modify the controller firmware to remove rider detection.

Kilbride was also able to determine the location of riders in an area as they were indexed using their smart phone’s GPS. So if a hacker wanted to harm a particular rider, he could trace his hoverboard, hijack it and control it without the rider’s knowledge.

WiMax router vulnerability lets hackers track customers’ internet activities

The firm said that in order to plug such vulnerabilities, hoverboard makers need to strengthen their device firmware by introducing steps like firmware integrity checking, encryption, and PIN authentication.

Kilbride also said that since there are no regulations centered on firmware integrity and validation in devices despite being integral to the safety of the system, modern devices are vulnerable to cyber-attacks.

IOActive had informed Segway/Ninebot about the said vulnerabilities, following which the company released an update to plug some of them.

Copyright Lyonsdown Limited 2021

Top Articles

COO of network security firm indicted for hacking into hospital network

A 45-year-old Chief Operating Officer of network security company in Atlanta, Georgia was indicted this week for launching a cyber attack on Gwinnett Medical Center.

McDonald's data breach: Employee and customer data stolen by hackers

McDonald's suffered a data breach that compromised the personal information of customers in South Korea and Taiwan and business contact information of some US employees.

RockYou2021 data leak: 8.4 billion passwords compromised

A report shows that 100GB of data which includes 8.4 billion passwords have been recently leaked on the internet, people are being encouraged to secure their accounts.

Related Articles

[s2Member-Login login_redirect=”” /]