As if there weren't enough safety concerns surrounding electric scooters, here's a new one. Researchers at mobile security firm Zimperium discovered a bug in the Xiaomi M365 scooter that allows a hacker to remotely access the device. Once the have taken over, the attacker can make the scooter accelerate or brake without the rider's input.
The exploit relates to an issue with the Bluetooth module on the scooter that is designed to let the device communicate with a rider's smartphone. The researchers were able to connect with a scooter via Bluetooth without being prompted for a password or any other form of identification. Once connected, the researchers found that they could control the scooter from their phone, telling it to slow down or speed up regardless of what the rider was doing, potentially putting them in a dangerous situation. They also discovered it was possible to upload malware to the machine.
Making matters even worse, after Zimperium reported the bug to Xiaomi, the company informed the researchers that they can't fix the issue on its own. Due to working with third-party manufacturers, Xiaomi will have to work with them to fix the issue. The company, in a statement to Engadget, said it is preparing an over-the-air update.
Update 2/15 5:00AM ET: Corrected the post which stated the issue was regarding a third-party Bluetooth module. Xiaomi also sent a statement saying that it's preparing an over-the-air update to address the flaw.