Home / / Electric scooters could be vulnerable to remote hacks

Electric scooters could be vulnerable to remote hacks

Turns out, a helmet may not be enough to keep you protected when riding an e-scooter

Electric scooters could be vulnerable to remote hacks

E-scooters are becoming commonplace and it's an ideal alternative to taking a vehicle to commute to a short distance, however like anything electronic, e-scooters are susceptible to vulnerabilities from a cybersecurity perspective, which ESET, the security company found.

That's according to a study at University of Texas at San Antonio (UTSA). The review – which UTSA said is “the first review of the security and privacy risks posed by e-scooters and their related software services and applications” – outlines various attacks scenarios that riders might face and suggests measures to tackle the risks.

As Amer Owaida, Security Writer at ESET explains, "Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider’s smartphone internet connection to run, as well as to send data to the service provider. This opens up a number of avenues for potential attacks. For example, bad actors could eavesdrop on the data being broadcast, which could, in turn, lead to Man-in-the-Middle (MitM) and replay attacks. As a result, in some cases hackers could remotely inject commands to take control of the scooter and harm the rider or pedestrians. In fact, this very risk was already discovered in one of Xiaomi’s scooters last year."

Hackers can potentially target a scooter's components like the engine, brakes, headlights and controller chip and a user can quickly find themselves unable to control their scooter because of a remote attack, they can be injured this way physically or they could have their privacy put at risk by luring unsuspecting riders to a secluded area and then to harm them.

The solution, Amer recommends, "Most of the risks can be mitigated by implementing cybersecurity best practices. Employees recharging the scooters could check their mechanical or electrical components to make sure nobody had tampered with the scooters. As for the looming privacy risks, one of the best steps would be to implement a privacy-by-design approach for the applications, making the parts that handle data inaccessible to unauthorized personnel. In addition, data traffic monitoring would help the service provider to react to threats in real-time."

Follow us to get the most comprehensive IT Security news delivered fresh from our social media accounts on Facebook, Twitter, Youtube, and listen to our Weekly Podcast. Click here to sign up for our weekly newsletter on curated technology news in the Middle East and Worldwide.

REGISTER NOW | Webinar Event | Security you can bank on – Safeguarding the Middle East’s financial sector

Presented in partnership with security and network specialist Cybereason, the second in the three part webinar series will bring together a panel of experts to discuss how banks and financial institutions are evolving their service offering while simultaneously staying one step ahead of the cyber criminals who seek to bring their operations crashing to the ground.