Critical security vulnerabilities have been discovered in the Segway/Ninebot MiniPro Hoverboard, but don’t panic – firmware patches have already been issued to prevent malicious hackers from attacking the devices.
Which is a relief – as successful exploitation of the security holes could have seen attackers seize remote control of a hoverboard and potentially injure riders by suddenly disabling the motor.
Vulnerability researchers at IOActive determined that the Segway MiniPro contained several critical flaws that could be wirelessly exploited by an attacker to bypass the hoverboard’s built-in safety systems.
Using the hoverboard’s smartphone app (of course it has an app!), the researchers were able to identify nearby riders, and then exploit Bluetooth vulnerabilities to change the hoverboard’s PIN and lock out its legitimate owner.
Connecting to the targeted hoverboard, researchers were able to deliver a malicious firmware update – taking advantage of the fact that the device failed to integrity-check its firmware updates.
In short, a personal transport device has been hijacked remotely, while in motion, without its owners’ knowledge.
It’s clear that the Segway MiniPro would have been better defended against attacks if sensible precautions had been taken during its design. For instance, firmware updates should be encrypted, authenticated and integrity-checked before they are allowed to install on a device.
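To make the "authenticated and integrity-checked before install" recommendation concrete, here is an added example (not code from the article, IOActive or Ninebot) of the check a device-side updater should run before flashing a single byte. The update container format, the field names and the device-provisioned key are all constructed for this illustration; a real product would keep the key in protected storage and would typically use a public-key signature so the verifying key on the device cannot be used to forge updates. The example uses only the Python standard library, so it shows authenticity and integrity (one HMAC tag covers both) plus an anti-rollback version check; encryption of the payload would need a cipher library and is left out.

```python
import hashlib
import hmac
import struct

# Constructed container layout (not a real vendor format):
#   4 bytes   magic b"FWUP"
#   4 bytes   big-endian firmware version (for anti-rollback)
#   4 bytes   big-endian payload length
#   N bytes   payload (the firmware image)
#   32 bytes  HMAC-SHA256 over header + payload with a device-provisioned key
MAGIC = b"FWUP"
HEADER_LEN = 12
TAG_LEN = 32

# Constructed key; on a real device this lives in protected storage.
DEVICE_KEY = b"constructed-device-provisioned-key"


def build_update(version, payload, key=DEVICE_KEY):
    """Build an update container the way a legitimate build server would."""
    header = MAGIC + struct.pack(">II", version, len(payload))
    body = header + payload
    tag = hmac.new(key, body, hashlib.sha256).digest()
    return body + tag


def verify_update(blob, installed_version, key=DEVICE_KEY):
    """Return (ok, reason). Nothing in blob is trusted until the tag checks out.

    The order matters: cheap structural checks first, then the
    authenticity/integrity tag, and only then the version field, because
    an unauthenticated version number could itself be attacker-controlled.
    """
    if len(blob) < HEADER_LEN + TAG_LEN:
        return False, "truncated"
    header, rest = blob[:HEADER_LEN], blob[HEADER_LEN:]
    if header[:4] != MAGIC:
        return False, "bad magic"
    version, length = struct.unpack(">II", header[4:HEADER_LEN])
    if len(rest) != length + TAG_LEN:
        return False, "length mismatch"
    payload, tag = rest[:length], rest[length:]

    # Authenticity + integrity: recompute the tag and compare in constant time.
    expected = hmac.new(key, header + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return False, "authentication failed"

    # Anti-rollback: refuse to reinstall the current or an older (possibly vulnerable) version.
    if version <= installed_version:
        return False, "rollback refused"
    return True, "ok"


def demo():
    """Exercise the verifier with a good update, a tampered one and a rollback."""
    image = bytes(range(30))  # constructed stand-in for a firmware image
    good = build_update(3, image)
    tampered = bytearray(good)
    tampered[HEADER_LEN + 2] ^= 0x01  # flip one payload bit after signing
    return {
        "good": verify_update(good, installed_version=2),
        "tampered": verify_update(bytes(tampered), installed_version=2),
        "rollback": verify_update(good, installed_version=3),
        "wrong_key": verify_update(build_update(4, image, key=b"other"), installed_version=2),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:10s} -> {result}")
```

The point the MiniPro finding illustrates is that the tag check has to happen before the version check and before any flashing: a device that parses or acts on an unverified image has already given an attacker on the Bluetooth link more than it should.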
Additionally, it would seem sensible to take advantage of Bluetooth Pre-Shared Key (PSK) authentication or PIN authentication to determine whether someone is authorised to connect to a device, and to maintain rider privacy by not making it easy for anyone to look up nearby riders on a map.
Meanwhile, consumers would be wise to ensure that they are always running the latest app updates, and, if they don’t need remote or wireless functionality, to make sure such features are turned off.
Of course, what you really want to see is the hack in action…
Here’s a YouTube video that IOActive made demonstrating how easy it might be to remotely steal a Segway MiniPro, and even cause a rider to fall off their hoverboard.
IOActive disclosed details of the security issues in January to Ninebot, which acquired Segway Inc two years ago, and fixes for the critical issues were reportedly rolled out in April.
More details of the researchers’ discoveries can be found in this report (PDF).
Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.