Rani Idan, director of software research at Zimperium, said he found the flaw and was able to exploit it within hours of evaluating the safety of the M365 electric bike. His analysis found that scooters contain three software components: battery management, hardware-software firmware, and a Bluetooth module that allows users to connect to their scooter through a smartphone application. The latter leaves the machines seriously compromised.
Rani Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or other authentication in another way. From there he can adopt programs on the scooter without the system realizing that this new program was an official and reliable update of the political, meaning that the attacker can easily put malicious software on an electric bicycle, which gives itself full control.
"I was able to control any of the scooter's features without validating and installing malware," says Randy Idan. "An attacker can stop the bike suddenly, or speed it up, and trample anyone in traffic, or any other worst scenario you can imagine."
Rani Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or other authentication in another way. From there he can adopt programs on the scooter without the system realizing that this new program was an official and reliable update of the political, meaning that the attacker can easily put malicious software on an electric bicycle, which gives itself full control.
"I was able to control any of the scooter's features without validating and installing malware," says Randy Idan. "An attacker can stop the bike suddenly, or speed it up, and trample anyone in traffic, or any other worst scenario you can imagine."
