Latest in Gear

Image credit: Bloomberg via Getty Images

Hackers can stop or speed up Xiaomi's M365 electric scooter (updated)

Xiaomi reportedly can't fix the problem on its own.
389 Shares
Share
Tweet
Share
Save

Sponsored Links

Bloomberg via Getty Images

As if there weren't enough safety concerns surrounding electric scooters, here's a new one. Researchers at mobile security firm Zimperium discovered a bug in the Xiaomi M365 scooter that allows a hacker to remotely access the device. Once the have taken over, the attacker can make the scooter accelerate or brake without the rider's input.

The exploit relates to an issue with the Bluetooth module on the scooter that is designed to let the device communicate with a rider's smartphone. The researchers were able to connect with a scooter via Bluetooth without being prompted for a password or any other form of identification. Once connected, the researchers found that they could control the scooter from their phone, telling it to slow down or speed up regardless of what the rider was doing, potentially putting them in a dangerous situation. They also discovered it was possible to upload malware to the machine.

Making matters even worse, after Zimperium reported the bug to Xiaomi, the company informed the researchers that they can't fix the issue on its own. Due to working with third-party manufacturers, Xiaomi will have to work with them to fix the issue. The company, in a statement to Engadget, said it is preparing an over-the-air update.

Update 2/15 5:00AM ET: Corrected the post which stated the issue was regarding a third-party Bluetooth module. Xiaomi also sent a statement saying that it's preparing an over-the-air update to address the flaw.

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
389 Shares
Share
Tweet
Share
Save

Popular on Engadget

Russia reportedly breached encrypted FBI comms in 2010

Russia reportedly breached encrypted FBI comms in 2010

View
Elon Musk insists 'pedo guy' tweet wasn’t serious accusation

Elon Musk insists 'pedo guy' tweet wasn’t serious accusation

View
Nintendo's SNES-style Switch controllers are now available

Nintendo's SNES-style Switch controllers are now available

View
Mazda will show off its first EV at the Tokyo Motor Show

Mazda will show off its first EV at the Tokyo Motor Show

View
US Senators ask the FCC to review licenses with China-owned telecoms

US Senators ask the FCC to review licenses with China-owned telecoms

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr