Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move.
But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it.
In a blog post published today, Thomas has disclosed a series of critical security vulnerabilities in Segway’s miniPRO scooter, and we have compiled them in a simple, understandable format below:
- Security PIN Bypass — A potential attacker can use the modified version of the Nordic UART app to connect Segway Ninebot miniPRO via Bluetooth without requiring any security PIN.
- Unencrypted Communications — Ninebot App & the Hoverboard communicates over an unencrypted channel, allowing a remote attacker to perform man-in-the-middle attacks and inject malicious payloads.
- No Firmware Integrity Verification — Lack of unencrypted communication and Firmware integrity verification mechanism to detect unauthorised changes allows an attacker to push malicious firmware update.
- Reveal GPS Location of Nearby Riders — GPS feature in Ninebot App known as “Rider Nearby,” which lets users to find other nearby miniPro riders in the real-time, exposes hoverboard location through the phone’s GPS publicly to potential attackers and thieves.
Thomas has also provided a video demonstration showing how he was able to push the malicious firmware update to the miniPro, leaving the device open to further hacks.
These vulnerabilities were discovered late last year by Thomas, which was then patched by Ninebot in April this year after the researcher responsibly reported the company.