Vulnerability in Xiaomi's M365 scooter lets hackers control speed, slam on brakes
The company can't fix the issue aloneBy Rob Thubron
Cutting corners: One problem with so many products now coming with 'smart' capabilities is that they're susceptible to hacking. Joining the expanding list of vulnerable items are electric scooters. Specifically, Xiaomi's popular M365 model, which can be taken over by a hacker who could control the brakes and acceleration remotely.
We've seen hackers target smart sniper rifles, cars, speakers, and more in the past. Now, it's the turn of electric scooters. The modes of transport are becoming widely used in busy cities, where they're often rented via sharing services offered by companies such as Lyft. But researchers from mobile security firm Zimperium have warned of a potentially dangerous flaw in Xiaomi's M365 machine.
As reported by Wired, the issue is related to the Bluetooth module that allows the scooter to link with the mobile app. The researchers found they could connect to the scooter without requiring a password or any other form of ID, at which point they were able to make it go faster, slower, or disable it using the anti-theft feature. It was also possible to install malware.
When Zimperium informed Xiaomi of the problem, the Chinese giant said it was aware of it but was unable to roll out a fix. This is because the company sourced the Bluetooth implementation module from a third party rather than building it in-house and will have to work with that firm to find a solution.
In other electric scooter news, it was reported last week that the machines are injuring thousands of riders each year, and there has been at least four confirmed fatalities related to scooter usage.