Critical security flaws have been found in the Segway Ninebot miniPRO hoverboards which could leave them vulnerable to attack, according to researchers from global security consulting firm IOActive.
If the flaws are exploited, an attacker could bypass safety mechanisms and remotely take control of the device, enabling them to change settings, pace, direction, light colors or even cause the rider to crash while they’re in motion by bringing the Segway to an abrupt and unexpected halt.
“FTC regulations do require scooters to meet certain mechanical and electrical specifications to help avoid battery fires and various mechanical failures,” said IOActive embedded devices security consultant Thomas Kilbride.
“However, there are currently no regulations centered on firmware integrity and validation, despite being integral to the safety of the system. As my research indicates, this lack of regulation could lead to a number of dangerous situations,” he claimed.
Kilbride tested mobile applications, firmware images and other software over the last eight months to identify flaws in the hoverboard. Once a vulnerability had been exploited, he could gain full control of the hoverboard.
Kilbride was even able to perform a firmware update of the device’s control system without authentication and modify it to remove rider detection.
“Using reverse engineering and protocol analysis, I was able to discover a number of worrisome security threats,” Kilbride explained.
“For example, I determined that riders in the area were indexed using their smartphone’s GPS. Therefore, each rider’s location was publicly available, so the hoverboards could be found, tracked, hijacked, and controlled without the rider’s knowledge,” he added.
IOActive has disclosed the vulnerabilities to Segway/Ninebot, and the company has since released a new version to address some of the issues identified. However, IOActive has not indicated whether this means the scooter still has security flaws.
IOActive has advised manufacturers to mitigate these risks by, among other things, checking firmware integrity, incorporating encryption and ensuring there is PIN authentication.