We all have heard about the current hacking trend of major public service sectors like power houses, dams etc. What is next is something that you might not have expected: Segway hoverboard hacking. Amazing and astonishing as it might appear, several vulnerabilities have been discovered in the framework of Segway hoverboards which the hackers can exploit to take full control of any Segway hoverboard and leave the user uncontrollable of his/her hoverboard.
In an article published on Forbes, it was disclosed that there are severe vulnerabilities particularly in the Segway hands-free Ninebot miniPRO scooter which puts user’s physical safety on the edge. Let it be known that this version of Segway hoverboard is an advanced version of hands free electric scooter that allows users to remotely control all its salient features and systems from an official app. The most shocking fact about this discovery is that this hack can be carried out so easily and within a time span of 20 seconds or less. Not only will this harm user physical well-being but also is an easy way to steal Segway hoverboards remotely.
In an interview, IOActive researcher Thomas Kilbride said:
“Attacks could be carried out with just 20 seconds of continuous Bluetooth connection to a Segway hoverboard. It may be sped up using other means. It’s a little bit alarming.”
In a research to prove Segway hoverboard hacking, he used the official Ninebot app that helps to control the Segway hoverboard which showed the location of other Segway hoverboard users nearby. He quoted: “Each riders’ location was published and publicly available, which makes weaponisation of an exploit much easier for an attacker.”
He then used a software known as Nordic UART, which is a bluetooth application, to make changes in its programming and make it as a hacking tool for Segway hoverboards. The scooter allowed Nordic software to have access to the hoverboard without any authentication or password. He believes that this hacking is made easy by three main things:
- Lack of authentication to access hoverboard commands
- Lack of encryption of data sent to and from the device
- Lack of firmware integrity
- Easy to know the location of nearby riders by the official app
All these can be used to control the device motor, directional movement and even deactivate the anti-theft systems it consists.
Thankfully, the discovery of Segway hoverboard hacking alerted the company and due to Thomas’ efforts, the company has released patches to correct this issue. If you are a user of these hoverboards, make the patch updates to stay safe. And even if you are not a user of these hoverboards, keep your eyes open and watch out for any vulnerabilities in your devices.
