Megalith
Segway’s MiniPro electric scooter was originally quite the security disaster and demonstrative of the very real dangers of device hacking: not only did the user PIN on the MiniPro Bluetooth app fail to apply to every level of the system, but the software update platform lacked an integrity check so malicious firmware could easily be snuck in. A GPS feature known as "Rider Nearby" also allowed users to be easily tracked.
The good news is that IOActive disclosed the bugs to Segway, which is owned by Chinese scooter-maker Ninebot, in January, and the company addressed the bulk of the problems in an app update in April. As part of the changes, Segway added mechanisms like cryptographic signing to validate firmware updates, which should prevent full takeovers. It eliminated the Rider Nearby feature, and took steps to evaluate its Bluetooth communication protocols and security.