If you are hoverboard rider, you should be concerned about yourself.
Thomas Kilbride, a security researcher from security firm IOActive, have discovered several critical vulnerabilities in Segway Ninebot miniPRO that could be exploited by hackers to remotely take “full control” over the hoverboard within range and leave riders out-of-control.
Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter, also known as SUV of hoverboards, which also allows it riders to control the hoverboard by a Ninebot smartphone app remotely.
Ninebot smartphone app allows riders to adjust light colours, modify safety features, run vehicle diagnostics, set anti-theft alarms, and even remotely commanding the miniPRO scooter to move.
But the security of powerful miniPRO was so sick that Thomas hardly took 20 seconds to hack it and hijack remote control of it.
In a blog post published today, Thomas has disclosed a series of critical security vulnerabilities in Segway’s miniPRO scooter, and we have compiled them in a simple, understandable format below:
If exploited, these vulnerabilities could at one time be used to disrupt the device’s settings, speed, the direction of movement and internal motor.
Thomas has also provided a video demonstration showing how he was able to push the malicious firmware update to the miniPro, leaving the device open to further hacks.
These vulnerabilities were discovered late last year by Thomas, which was then patched by Ninebot in April this year after the researcher responsibly reported the company.