
Hackers could catch up with Segway MiniPro with IoT attacks

Connected devices are everywhere and in some cases they pose not only a cyber risk, but a physical risk too.

By Tom Ball

Major security vulnerabilities have been identified in the Segway Ninebot MiniPRO after tests allowed a hacker to take control.

Once a hacker has control of the Ninebot MiniPRO, they can disable the motor and bring the device to a sudden stop while a rider is in motion, and can also change the direction and pace of travel.

The successful attack on the Segway during testing involved a firmware update of the scooter’s control system, which meant the hacker could remove rider detection without requiring authentication.

Behind the findings is the cybersecurity firm IOActive, experts in penetration testing and research. IOActive found that a hacker could simply ignore safety systems and move ahead to control the device using a smartphone, for example.


This is another example of an effective attack on an internet of things device, and further evidence of how broad the range of IoT devices is that a cyber adversary can commandeer.

Thomas Kilbride, IOActive Embedded Devices Security Consultant, said: “FTC regulations do require scooters to meet certain mechanical and electrical specifications to help avoid battery fires and various mechanical failures… However, there are currently no regulations centered on firmware integrity and validation, despite being integral to the safety of the system. As my research indicates, this lack of regulation could lead to a number of dangerous situations.”


The fact that these Segway devices are covered by regulation pertaining to physical risks such as fire, but not by any addressing a potentially dangerous cyber attack, makes clear that understanding of the risks posed by insecure IoT is insufficient.

“Using reverse engineering and protocol analysis, I was able to discover a number of worrisome security threats… For example, I determined that riders in the area were indexed using their smart phone’s GPS. Therefore, each rider’s location was publicly available, so the hoverboards could be found, tracked, hijacked, and controlled without the rider’s knowledge,” said Kilbride.

 

 
