Electric transport is good, but even better when it can bring — for example, the scooter. But the more complex the technology, the more it appears vulnerabilities. Thus, the American company Zimperium which specializiruetsya on mobile device security, found the “hole” in the firmware electric scooters Xiaomi M365, which allows anyone to remotely access the device.
According to representatives of Zimperium, to connect up without a password and other checks. The problem is that the password is checked only mobile app, but the scooter takes commands from any device without the password. Of course, the radius remote access is not so great (about 100 meters), but enough to the owner of the scooter has got physical damage. After all, attackers can easily increase or decrease the speed of the device (or lock it).
Moreover, the experts themselves have tested the vulnerability and posted a video.
Of course, even before the publication of the study Xiaomi warned about the found vulnerabilities. According to the manufacturer, the company is working to fix the problem, but it is not just because the scooters are used Bluetooth modules from third-party vendor.
Around the world many services for the provision of scooters used electric scooters Xiaomi M365. And while fixed firmware no, experts advise not to travel on such vehicles.