Watch a Remote Segway Hack Eject A Rider

Quick, someone call G.O.B! Hackers might be able to remotely hijack his Segway if he doesn’t apply the latest security update.

That’s assuming he upgraded from the older model he’d been riding on Arrested Development to the slick Segway MiniPro. See, a security researcher discovered some serious flaws in the scooter’s firmware. Thomas Kilbride is an embedded device security consultant with IOActive. He’s also a fan (and owner) of the two-wheeled people mover.

As soon as he got his hands on it, Kilbride did what any security pro would. He started probing the Segway and its companion mobile app for vulnerabilities. The connected scooter’s companion app already allowed owners to drive them around like an RC car. That got Kilbride’s wheels turning.

Shortcomings in the Bluetooth implementation granted Kilbride the elevated access he needed. Since the MiniPro didn’t verify the authenticity of firmware uploads, he was able to inject modified firmware and remotely mess with a MiniPro. Kilbride learned he could remotely hack into anyone’s MiniPro and take over the controls.

It’s definitely fun to watch it happen in IOActive’s demo video. Out on the streets, however, a hacker who wanted to could cause an unsuspecting rider to swerve into traffic or throw on the brakes and send him or her flying face-first into the pavement.

The good news here is that IOActive informed Ninebot, the Chinese company that now owns Segway, and they’ve released updated firmware that tightens up the MiniPro’s security. Among the changes: it actually verifies that firmware updates come from Ninebot now (and not just whoever figured out how to upload one to the scooter). The update also killed a potentially very creepy social location sharing feature.
