Do you have an hoverboard? This news will probably surprise you because according to the experts at security firm IOActive, your hoverboard could be hacked too.
The security researcher Thomas Kilbride from IOActive has found several critical vulnerabilities in Segway Ninebot miniPRO hoverboard. The vulnerabilities could be exploited by a remote attacker to take “full control” over the hoverboard within range-
The mobile app allows owners to perform a number of activities with their hoverboard such as adjust light colors, set anti-theft alarms, and even remotely control the movement of the Segway Ninebot miniPRO scooter.
“Using reverse engineering and protocol analysis techniques, I was able to determine that my Ninebot by Segway miniPRO (Ninebot purchased Segway Inc. in 2015) had several critical vulnerabilities that were wirelessly exploitable. These vulnerabilities could be used by an attacker to bypass safety systems designed by Ninebot, one of the only hoverboards approved for sale in many countries.” wrote Kilbride.
Kilbride told Forbes, that an attacker just needs 20 seconds of Bluetooth connection to hack the hoverboard remotely.
“Attacks could be carried out with just 20 seconds of continuous Bluetooth connection to a Segway hoverboard, said IOActive researcher Thomas Kilbride. “It may be sped up using other means,” he told Forbes. “It’s a little bit alarming.” Not only would it be possible to kill the motor mid-drive, but it’d be simple to steal a miniPRO too, as seen in his demonstration video below.”
Below the vulnerabilities discovered by the expert:
The flaws were fixed by Ninebot in April this year.
[adrotate banner=”9″]
(Security Affairs – Segway Ninebot miniPRO, hoverboard, hacking)
[adrotate banner=”13″]
China-linked threat actors are preparing cyber attacks against U.S. critical infrastructure warned FBI Director Christopher…
The United Nations Development Programme (UNDP) has initiated an investigation into an alleged ransomware attack…
BlackBerry reported that the financially motivated group FIN7 targeted the IT department of a large…
An international law enforcement operation led to the disruption of the prominent phishing-as-a-service platform LabHost.…
Russia-linked APT Sandworm employed a previously undocumented backdoor called Kapeka in attacks against Eastern Europe since…
Cisco has addressed a high-severity vulnerability in its Integrated Management Controller (IMC) for which publicly…
This website uses cookies.