We found the problem in the Bluetooth control.
The American company Zimperium, which deals with the security of mobile devices, found a security hole in Xiaomi’s electric scooters, which allows you to block or speed up any Xiaomi M365 scooter with Bluetooth control. And the maximum “radius of destruction” of scooters is 100 meters.
During the investigation, the researchers found that the scooter password was checked only on the application side, and the scooter itself did not track the authentication status and that all commands could be executed without it. Thanks to a security hole, hackers were able to use all the functions of remote scooter control without the need for authentication.
In Xiaomi M365 electric scooters, the user, via Bluetooth, can interact with the anti-theft system, cruise control, eco-mode and firmware upgrade for the electric scooter.
Due to the vulnerability, third parties can block the scooter, put a malicious firmware on it or gain complete control over it. A team of researchers also recorded a video of the process and set an example of hacking on a random user of this model of a scooter on the street.
In response to the investigation, Xiaomi thanked the company and said that they were aware of the vulnerability and are working to eliminate it.
Updated at 5:35 pm: A Xiaomi spokesperson told that the company is aware of the Mi Electric Scooter’s scooter vulnerability, which hackers can intentionally use to control someone else’s scooter.
[perfectpullquote align=”full” bordertop=”false” cite=”” link=”” color=”” class=”” size=””]Xiaomi is aware of the Mi Electric Scooter’s scooter vulnerability that hackers can intentionally use to control someone else’s scooter. As soon as the company learned about the problem, work began on its elimination, as well as the removal of all non-original applications. At the moment, the security service and the software development team are working on an update that users will be able to receive over the air in the near future. Xiaomi appreciates feedback from the security community and strives to constantly improve performance based on feedback in order to create safe products and constantly improve their quality.[/perfectpullquote]