A new report claims that the M365 electric scooter that Chinese smartphone and electronics giant Xiaomi makes comes with a security flaw. According to the information, the security flaw allows hackers to take control of the braking and acceleration controls of the scooter at about 100 meters of distance. The problem here is that hackers don’t even need to get physical access to the scooter to initiate the hack. The report also stated that braking and acceleration were not the only functions that the hacker can access with the help of this flaw. Hackers can control the anti-theft system, cruise control, eco mode, and update the firmware of the scooter.
Talking about the anti-theft system, hackers can also use that system to disable scooters. According to CNET, this problem was initially spotted by security research firm Zimperium along with a proof-of-concept video. According to the findings, the firm added that the problem lies in the way the scooter authenticates the password required to control the scooter with the help of the app. The report went on to state that the authentication is done with the help of Bluetooth but the password “is not being used properly” as part of the process.
Watch: Xiaomi Redmi Note 6 Pro First Look
The password is only used on the app side and the actual scooter is not really keeping track of the authentication. This allows hackers to take control of the actual scooter without the need of the password. Xiaomi issued an official response to the report adding that it has “been working to fix” the problem while “taking down all unauthorized apps”. The company also added that it is working on “an OTA (Over-The-Air) update” for the scooter.
The new update with the fix for the problem “will be available as soon as possible”. The report noted that the hack points out at a significant problem for the company as e-scooters are gradually emerging as a new form of transport in the United States. A number of scooter rental companies across the country are using similar scooters to give them to customers.