Electric transport is good, and even betterwhen you can take it with you - for example, a scooter. But the more complex the technology, the more vulnerabilities it has. So, the American company Zimperium, which specializes in the security of mobile devices, found a “hole” in the Xiaomi M365 electric scooter firmware, which allows anyone to get remote access to the device.
According to Zimperium representatives, connectmanagement can be done without entering a password and other checks. The problem is that the password is checked only by the mobile application, but the scooter accepts commands from any device without a password. Of course, the remote access radius is not so large (about 100 meters), but this is enough for the owner of the scooter to get physical damage. After all, attackers can easily increase or decrease the speed of the device (or block it altogether).
Moreover, the experts themselves tested the vulnerability and uploaded a video.
Of course, even before the publication of the study Xiaomiwarned about the found vulnerability. According to the manufacturer, the company is working to resolve the problem, but this is not so easy, because the scooters use third-party Bluetooth modules.
Worldwide, many provisioning servicesScooters use electric scooters Xiaomi M365. And while there is no corrected firmware, experts advise to refrain from traveling on such vehicles.
You can discuss this news in our Telegram-chat.