Researchers from mobile security firm Zimperium have discovered a flaw in Xiaomi’s M365 scooter that lets hackers take control of the electric vehicle’s speed and brakes.
According to a report by cnet.com, hackers could make the scooter accelerate or brake suddenly once they have taken over its controls. The takeover is possible because of the way the scooter’s password authentication process, which runs over Bluetooth, is handled.
Zimperium said in a statement: “During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password.”
“The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state,” the mobile security firm added.
According to the researchers, they were able to interact with the anti-theft system of the Xiaomi scooter through its app without the required authentication.
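The design point in Zimperium's statement, shown as an added sketch that is not code from the article, Zimperium or Xiaomi: a device that leaves the password check to the app next to one that tracks authentication state per connection. The command names, connection ids and the HMAC challenge-response are assumptions for illustration, not the scooter's actual protocol.

```python
import hashlib
import hmac
import os

COMMANDS = {"lock": True, "unlock": False}  # hypothetical command set


def prove(password: bytes, nonce: bytes) -> bytes:
    """Response a legitimate app computes for a device challenge."""
    return hmac.new(password, nonce, hashlib.sha256).digest()


class AppOnlyCheckDevice:
    """Reported pattern: the device never checks who is sending commands."""

    def __init__(self, password: bytes):
        self.password = password  # known to the app, never consulted here
        self.locked = True

    def handle(self, conn_id: str, command: str) -> str:
        if command not in COMMANDS:
            return "unknown"
        self.locked = COMMANDS[command]
        return "ok"


class StatefulDevice(AppOnlyCheckDevice):
    """Device-side check: challenge-response plus per-connection auth state."""

    def __init__(self, password: bytes):
        super().__init__(password)
        self._nonces = {}     # conn_id -> outstanding challenge
        self._authed = set()  # connections that proved knowledge of the password

    def challenge(self, conn_id: str) -> bytes:
        self._nonces[conn_id] = os.urandom(16)
        return self._nonces[conn_id]

    def authenticate(self, conn_id: str, proof: bytes) -> bool:
        nonce = self._nonces.pop(conn_id, None)  # each challenge is single use
        if nonce is None or not hmac.compare_digest(proof, prove(self.password, nonce)):
            return False
        self._authed.add(conn_id)
        return True

    def disconnect(self, conn_id: str) -> None:
        self._authed.discard(conn_id)  # auth state must not outlive the link
        self._nonces.pop(conn_id, None)

    def handle(self, conn_id: str, command: str) -> str:
        if conn_id not in self._authed:
            return "denied"
        return super().handle(conn_id, command)
```

In the second class the decision to execute a command is made on the device, so a client that skips or fakes the app-side password prompt gets `denied`.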
Meanwhile, Xiaomi spokeswoman Agatha Tang said that the company is aware of the flaw and is taking the necessary steps to fix the issue.
“As soon as we found out about this vulnerability, we have been working to fix it and taking down all unauthorized applications. In the meantime, an OTA (over-the-air) update is being prepared by Xiaomi’s product and security teams, and will be available as soon as possible,” said Tang.