Obsessed with technology?
Subscribe to the latest tech news as well as exciting promotions from us and our partners!
By subscribing, you indicate that you have read & understood the SPH's Privacy Policy and PDPA Statement.
News Categories

A security vulnerability in Xiaomi’s Mijia M365 electric scooter exposes it to hackers

By Wong Chung Wee - on 15 Feb 2019, 11:00am

A security vulnerability in Xiaomi’s Mijia M365 electric scooter exposes it to hackers

(Image source: Xiaomi)

Hackers have targeted smart devices like speakers with voice assistant and smartwatches as well as social media platforms. Now, they could turn their sights to electric scooters, in particular, the Xiaomi Mijia M365 electric scooter.

According to a Wired report, director of security firm Zimperium, Rani Idan says he has uncovered a security flaw in the Bluetooth module of the affected e-scooter. He could connect to the scooter via Bluetooth without any authentication. Following which he had the liberty to install firmware on the device with any system checks. This means a hacker with nefarious intentions can install malware on the scooter and have complete control over the device.

Zimperium has reached out to Xiaomi; however, the firm was unable to issue any quick fixes as the M365’s Bluetooth module implementation was outsourced to a third-party contractor. This means any fixes will be dependent on the contractor’s efforts. Zimperium has developed both Android and iOS versions of proof-of-concept malware to probe the e-scooter’s weakness. The security firm has taken the controversial step in making public the Android version of its app in order to force “unresponsive IoT companies and electronics manufacturers” to take responsibility.

The Xiaomi Mijia M365 electric scooter is available locally and is UL2272 certified for LTA compliance.

(Source: Wired, Xiaomi)