Hackers could cause road traffic collisions by taking over electric scooters
'If someone were to fall off at the wrong time then it could easily result in a serious traffic injury or death'
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.Hackers could have used a vulnerability in electric scooters to cause road traffic collisions, researchers have revealed.
They found a number of “critical” security flaws in a popular type of self-balancing electric scooter – also widely known as a ‘hoverboard’ – that could let criminals remotely take control of one, even if it was being driven at the time.
If they wanted to, they could throw the rider off by making it come to an abrupt stop, or even drive it into traffic.
IOActive researcher Thomas Kilbride discovered the issue with the Ninebot by Segway MiniPRO, a model that costs around £700 and can reach speeds of 10mph.
He was able to seize full control of it by “[performing] a firmware update of the scooter’s control system without authentication and [modifying] the controller firmware to remove rider detection”, says the security firm.
“Most riders are in close proximity to automotive traffic and if someone were to fall off at the wrong time then it could easily result in a serious traffic injury or death,” Mr Kilbride told the Independent.
He added: “FTC regulations do require scooters to meet certain mechanical and electrical specifications to help avoid battery fires and various mechanical failures.
“However, there are currently no regulations centered on firmware integrity and validation, despite being integral to the safety of the system. As my research indicates, this lack of regulation could lead to a number of dangerous situations.”
So-called hoverboards became popular back in 2015, but soon came under intense scrutiny after models started catching fire.
While it’s illegal to ride them on roads in the UK, you can ride them on private land, such as a front garden.
“With the proper equipment an attacker would be able to attack multiple hoverboards, but only if they were within Bluetooth range,” Mr Kilbride continued.
“As with all wireless systems, it’s hard to put exact measurements on a maximum range. With specialised equipment I’m comfortable saying that an attacker could run this exploit at a couple hundred feet, but we have not tested this. With standard Bluetooth equipment (i.e. a smartphone) then the range would be about 10m or 33ft.”
IOActive disclosed the vulnerabilities to Segway, which has now addressed the issues.
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments