Xiaomi’s popular electric scooter has been exposed to security vulnerability according to the recent research conducted by Zimperium group.
Xiaomi electric scooter has hit the US market during the past year and many individuals and companies are using Xiaomi electric scooter for various purposes. Mainly, scooter rental companies use Xiaomi M365 electric scooter for their customers.
A flaw in Xiaomi Electric Scooter found by the security researchers could allow hackers to take full control over the device remotely including acceleration and brake, the security group said on Tuesday.
According to the details, Xiaomi uses Bluetooth communication in scooter’s password authentication process which is quite vulnerable. “Our research has found that password authentication is not being used properly in the device and all the commands can be executed without the password, the password is only validated on the application side and scooter as a device doesn’t keep track of authentication state.”, Zimperium said in a statement.
The researchers were able to interact with the device’s anti-theft system, eco mode, and cruise control; they were also able to update the firmware without the authentication required.
The research group has also published a video in which they gave a proof of Xiaomi Scooter hack, applying brakes to the scooter remotely in the video using the app which works within the 100 meters of any M365 Scooter, Zimperium said.
The recent studies is an eye opener for the regulators in the US as more and more electric scooter rental companies are offering these services to public. People love to cruise around busy cities using electric scooters in the US, some blame that riders jeopardize others safety and ignore traffic rules.
The researchers said they have informed Xiaomi about the flaw but Xiaomi didn’t respond to the situation immediately.