Hackers Could Easily Take Remote Control of Your Segway Hoverboards

Thomas Kilbride, a security researcher from security firm IOActive, has discovered several critical vulnerabilities in the Segway Ninebot miniPRO that could be exploited by hackers to remotely take “full control” of a hoverboard within range and leave its rider without control.
The Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as the SUV of hoverboards, which also lets its riders control the hoverboard remotely via the Ninebot smartphone app.

The Ninebot smartphone app lets riders adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely command the miniPRO scooter to move.


But the security of the powerful miniPRO was so poor that it took Thomas barely 20 seconds to hack it and hijack its remote control.

In a blog post published today, Thomas disclosed a series of critical security vulnerabilities in Segway’s miniPRO scooter, which we have compiled in a simple, understandable format below:

  • Security PIN Bypass — A potential attacker can use a modified version of the Nordic UART app to connect to the Segway Ninebot miniPRO via Bluetooth without being asked for any security PIN.
  • Unencrypted Communications — The Ninebot app and the hoverboard communicate over an unencrypted channel, allowing a remote attacker to perform man-in-the-middle attacks and inject malicious payloads.
  • No Firmware Integrity Verification — The lack of encrypted communication and of any firmware integrity verification mechanism to detect unauthorised changes allows an attacker to push a malicious firmware update.
  • Reveal GPS Location of Nearby Riders — The GPS feature in the Ninebot app known as “Rider Nearby,” which lets users find other nearby miniPRO riders in real time, publicly exposes hoverboard locations through the phone’s GPS to potential attackers and thieves.
If exploited, these vulnerabilities could together be used to disrupt the device’s settings, speed, direction of movement and internal motor.
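The third item in the list, the missing firmware integrity check, is the one a device maker addresses with a signed update format that the device verifies before flashing. The Python below is an added example, not code from the article, from IOActive or from Ninebot: it defines a constructed image layout (a header carrying version, payload length and payload digest, authenticated by a tag) and a verifier that rejects a tampered payload, an edited header and a downgraded version. The format, field names and key are invented for this illustration. It uses an HMAC with a device-provisioned key because that is available in the standard library; a production device would instead verify a public-key signature (for example Ed25519) over the same fields so that the signing key never leaves the vendor.

```python
import hashlib
import hmac
import struct

# Constructed image layout for this example (not Ninebot's format):
# magic | version u16 | payload_len u32 | sha256(payload) | tag over header fields
MAGIC = b"FWIM"
HEADER = struct.Struct("<4sHI32s32s")

# Hypothetical device-provisioned key; a real device would hold a vendor public key.
SIGNING_KEY = b"example-vendor-key-constructed-for-demo"


def _authenticated_fields(version, length, digest):
    # Everything the verifier relies on is covered by the tag, so the
    # version or digest cannot be swapped without detection.
    return MAGIC + struct.pack("<HI", version, length) + digest


def build_image(version, payload, key=SIGNING_KEY):
    """Vendor side: wrap a payload in a header carrying its digest and tag."""
    digest = hashlib.sha256(payload).digest()
    tag = hmac.new(key, _authenticated_fields(version, len(payload), digest),
                   hashlib.sha256).digest()
    return HEADER.pack(MAGIC, version, len(payload), digest, tag) + payload


def verify_image(image, key=SIGNING_KEY, min_version=0):
    """Device side: return (accepted, reason). Check the tag before trusting
    any header field, then the payload digest, then anti-rollback."""
    if len(image) < HEADER.size:
        return False, "truncated header"
    magic, version, length, digest, tag = HEADER.unpack_from(image)
    if magic != MAGIC:
        return False, "bad magic"
    expected = hmac.new(key, _authenticated_fields(version, length, digest),
                        hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return False, "bad signature"
    payload = image[HEADER.size:]
    if len(payload) != length:
        return False, "length mismatch"
    if not hmac.compare_digest(hashlib.sha256(payload).digest(), digest):
        return False, "payload digest mismatch"
    if version < min_version:
        return False, "rollback rejected"
    return True, "ok"


def demo():
    """Exercise the verifier against a good image and three manipulated ones."""
    payload = b"\x00" * 64 + b"constructed firmware body"  # constructed sample
    good = build_image(3, payload)
    results = {"good": verify_image(good, min_version=2)[1]}

    tampered = bytearray(good)
    tampered[-1] ^= 0xFF                     # flip one payload byte
    results["tampered_payload"] = verify_image(bytes(tampered))[1]

    edited = bytearray(good)
    edited[4:6] = struct.pack("<H", 9)       # change version without re-signing
    results["edited_header"] = verify_image(bytes(edited))[1]

    old = build_image(1, payload)            # validly signed, but older
    results["rollback"] = verify_image(old, min_version=2)[1]
    return results


if __name__ == "__main__":
    for case, reason in demo().items():
        print(f"{case:18} -> {reason}")
```

The ordering in verify_image matters: the tag is checked before any header field is used, the payload is only hashed once its declared length matches, and the version comparison enforces that an attacker cannot re-flash an older, validly signed image that contains a known bug.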

Thomas has also provided a video demonstration showing how he was able to push a malicious firmware update to the miniPRO, leaving the device open to further hacks.

Thomas discovered these vulnerabilities late last year; Ninebot patched them in April this year after the researcher responsibly reported them to the company.
