Watch Hackers Take Over a Segway with Someone on It

Megalith

Segway’s MiniPro electric scooter was originally quite the security disaster and demonstrative of the very real dangers of device hacking: not only did the user PIN on the MiniPro Bluetooth app fail to apply to every level of the system, but the software update platform lacked an integrity check so malicious firmware could easily be snuck in. A GPS feature known as "Rider Nearby" also allowed users to be easily tracked.

The good news is that IOActive disclosed the bugs to Segway, which is owned by Chinese scooter-maker Ninebot, in January, and the company addressed the bulk of the problems in an app update in April. As part of the changes, Segway added mechanisms like cryptographic signing to validate firmware updates, which should prevent full takeovers. It eliminated the Rider Nearby feature, and took steps to evaluate its Bluetooth communication protocols and security.
 
I don't really get how this is a hack. They overwrote the firmware on the board which gave them the ability to remote control it.
Now their response is to lock down the firmware with checks.

Well, what if I was an enthusiast (like the custom firmware that Merlin does for wrt Asus routers) and wanted to add features that weren't normally available (I dunno, follow waypoints and navigate remotely using a hoverboard).

Now thanks to these idiots I can't because the manufacturer locked me out.

"Today, we security researchers were able to take control of this vehicle by ripping out the ECU and replacing it with one that can be remotely controlled. We have forwarded this information to the car manufacturer who have later revised it so that the ECU can't be removed".
 
I'm waiting for the "Watch hackers go too far and be taken out by a military strike team at 3am" video.
 
Had to check that Spotify was paused, could barely hear the guy talk over the jam playing in the background.
 
I don't really get how this is a hack. They overwrote the firmware on the board which gave them the ability to remote control it.
Now their response is to lock down the firmware with checks.

Well, what if I was an enthusiast (like the custom firmware that Merlin does for wrt Asus routers) ... Now thanks to these idiots I can't because the manufacturer locked me out.
The main component to make this a "hack" is that the firmware was overwritten by remote!

Do you allow admin access to your router from the WAN-side, using the factory default admin password? That's the best analogy here...
If the firmware update required physical access to the board, opening it up and connecting a cable inside, there would be no problem.
 
The main component to make this a "hack" is that the firmware was overwritten by remote!

Do you allow admin access to your router from the WAN-side, using the factory default admin password? That's the best analogy here...
If the firmware update required physical access to the board, opening it up and connecting a cable inside, there would be no problem.
I agree, but that wasn't the fix, nor was it to just password the Bluetooth interface that allows for updates, which would have solved the problem as well.
 
Wanna bet that before this there was nobody on the Segway software team that had any kind of security expertise? This is a common problem that has been largely unacknowledged by the industry.
 