Segway hoverboard could be wirelessly hacked say researchers

The security vulnerability could let attackers take control of neaby Segways.

Image: IOActive

Security vulnerabilities in Segway hoverboard software could be exploited by hackers to remotely monitor the location of users, lock them out of their vehicles or bring the device to a halt, causing the rider to fall off, according to security researchers.

Using reverse engineering, researchers at IOActive found it was possible to intercept communications between the Ninebot by Segway miniPRO hands-free, two-wheel electric scooter and its companion mobile application to perform attacks.

If found that an attacker could connect to Ninebot using a modified version of Nordic UART, a propriety Bluetooth service and reverse engineer the scooter's communications protocol - the same system used for remote control and configuration settings - using a Bluetooth sniffer. The targeted users' PIN authentication wasn't needed to establish a connection in this case.

IOActive was able to reverse engineer the firmware update mechanism, discovering that Ninebot didn't do firmware integrity check before accepting a firmware update. This could allow attackers to have their own firmware uploaded instead allowing them to modify the behaviiour of the device.

The attacker is able to change the PIN number, and upload a firmware update, locking the segway user out of the device. A hacker could change the LED colours, update the device with a new PIN to lock out the rider or disable the motors while it was in use, bringing it to a sudden stop.

"As long as they have a device with Bluetooth they can send commands to the hoverboard and use any of these exploits. They don't need a hoverboard to perform the attacks, but they need to perform the firmware update," said Kilbridge.

Nearby Segways could even be located using the Ninebot app, as it indexes the location of riders in the area and makes it publicly available.

"As you rode the hoverboard your phones' GPS would upload your location data to Segway servers and it'd be periodically exposed publicly. This makes it easier to weaponise an exploit like this," Thomas Kilbridge, the IOActive security researcher who found the vulnerability told ZDNet.

The Segway rider nearby feature on the Ninebot app.

Image: IOActive

IOActive has disclosed the vulnerabilities to Segway and its parent company Ninebot and the scooter manufacturer has subsequently updated the applications to ensure the security vulnerabilities have been closed.

These include implementing firmware integrity checking, ensuring the use of Bluetooth pre-shared key authentication or PIN authentication, the use of strong encryption for wireless communications and ta pairing mode as the sole way to pair a scooter with a phone.

The Ninebot app also also been updated to protect rider privacy by not exposing their location to others. IOActive praised the company for being "very responsive" for working with them and fixing the vulnerabilities.

The security vulnerabilities once again open the debate about cybersecurity, the Internet of Things and consumer awareness around connected devices. Indeed, IOActive previously disclosed vulnerabilities in robots which could be used to cause damage or conduct espionage.

"It's important for consumers to be aware of the connectability of the devices that they own," said Kilbridge.

"From the manufacturers standpoint, it's important for safety critical devices like this that security be checked routinely and maybe even regulations put in place to make sure that a vulnerability like this isn't in the wild before being sold on the market," he added.

READ MORE ON CYBERSECURITY

from Latest Topic for ZDNet in... http://ift.tt/2uyV10I