{"id":1400,"date":"2020-02-25T13:16:25","date_gmt":"2020-02-25T09:16:25","guid":{"rendered":"https:\/\/www.techxmedia.com\/?p=1400"},"modified":"2025-04-18T00:01:37","modified_gmt":"2025-04-17T20:01:37","slug":"electric-scooters-remote-hacks","status":"publish","type":"post","link":"https:\/\/techxmedia.com\/en\/electric-scooters-remote-hacks\/","title":{"rendered":"Electric scooters vulnerable to remote hacks"},"content":{"rendered":"\n<p><strong>By\n\u201cAmer Owaida\u201d, Security Writer at ESET<\/strong><\/p>\n\n\n\n<p>Electric scooters are steadily becoming a popular alternative for short\ncommutes. Besides convenience, however, they also introduce a range of\ncybersecurity and privacy risks, according to a study by the University of\nTexas at San Antonio (UTSA).<\/p>\n\n\n\n<p>The review \u2013 which UTSA said is \u201cthe first review of the security and\nprivacy risks posed by e-scooters and their related software services and\napplications\u201d \u2013 outlines various attacks scenarios that riders might face and\nsuggests measures to tackle the risks.<\/p>\n\n\n\n<p>Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider\u2019s <a href=\"https:\/\/techxmedia.com\/tag\/smartphone\/\">smartphone<\/a> internet connection to run, as well as to send data to the service provider. This opens up a number of avenues for potential attacks. For example, bad actors could eavesdrop on the data being broadcast, which could, in turn, lead to Man-in-the-Middle (MitM) and replay attacks. As a result, in some cases hackers could remotely inject commands to take control of the scooter and harm the rider or pedestrians. In fact, this very risk was already discovered in one of Xiaomi\u2019s scooters last year.<\/p>\n\n\n\n<p>A scooter\u2019s battery, engine, brakes, headlights and controller chip are\namong the key components that can be targeted during a physical attack.\nAttackers can then swap out key components or install \u201cmalicious modules\u201d,\nallowing them to control the scooter remotely or gather private information on\nthe sly. By remotely manipulating the brakes and acceleration, the bad actor\ncan injure the rider and\/or other people.<\/p>\n\n\n\n<p>Micromobility apps usually track the e-scooters\u2019 whereabouts, which\nmeans that location spoofing is another thing to worry about. Bad actors can,\nfor example, lure a rider to a secluded area and then to harm them.<\/p>\n\n\n\n<p>E-scooter providers require a wide range of information from the riders\nwho sign up for their service. Usually, these include some form of identification,\nalong with billing, contact and demographic information. The providers\nautomatically collect additional data, including GPS and smartphone-specific\ninformation. Attackers with access to such data can create comprehensive images\nof riders\u2019 habits, places they frequent, and routes they are likely to use.<\/p>\n\n\n\n<p>Most of the risks can be mitigated by implementing cybersecurity best\npractices. Employees recharging the scooters could check their mechanical or\nelectrical components to make sure nobody had tampered with the scooters. As\nfor the looming privacy risks, one of the best steps would be to implement a\nprivacy-by-design approach for the applications, making the parts that handle\ndata inaccessible to unauthorized personnel. In addition, data traffic monitoring\nwould help the service provider to react to threats in real-time.<em><\/em><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Many e-scooters rely on a combination of Bluetooth Low Energy (BLE) and the rider\u2019s smartphone internet connection to run, as well as to send data to the service provider. This opens up a number of avenues for potential attacks. <\/p>\n","protected":false},"author":8,"featured_media":1398,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"inline_featured_image":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[1595,9621],"tags":[546,545,518,542,547,544],"contributor":[],"class_list":["post-1400","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-cybersecurity","category-emerging-technologies","tag-ble","tag-bluetooth_low_energy","tag-cyber_security","tag-e_scooters","tag-micromobility","tag-privacy_risks"],"featured_image_src":"https:\/\/techxmedia.com\/en\/wp-content\/uploads\/2020\/02\/Amer-Owaida-Security-Writer-at-ESET-e1582620897336.jpg","author_info":{"display_name":"Rabab","author_link":"https:\/\/techxmedia.com\/en\/author\/rabab\/"},"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1400","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/users\/8"}],"replies":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/comments?post=1400"}],"version-history":[{"count":0,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/posts\/1400\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media\/1398"}],"wp:attachment":[{"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/media?parent=1400"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/categories?post=1400"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/tags?post=1400"},{"taxonomy":"contributor","embeddable":true,"href":"https:\/\/techxmedia.com\/en\/wp-json\/wp\/v2\/contributor?post=1400"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}