An electric scooter trendy with ride-sharing & dockless services can be made to abruptly brake or accelerate mid-ride. This is due to an error in the Bluetooth module of the device, claimed Zimperium (security research firm) to the media in an interview. In a video posted, researchers at Zimperium were capable of demonstrating their “proof of concept” comprising popular M365 scooter by Xiaomi. The scooter was developed to let consumers to distantly lock it employing a Bluetooth-supported app, avoiding someone from using it.
Via the hack, Zimperium was capable of targeting any passerby using any Xiaomi M365—locking the scooter, as well as forcing it to brake and accelerate, without accessing the scooter physically. The researchers can issue instructions to influence any scooter up to 328 Feet (100 Meters) away. The security flaw can be employed by malicious attackers to perform a number of attacks. A malware attack can be employed to download a new firmware that can take complete control of the scooter, while a DoS (Denial of Service) attack can be employed to remote lock any scooter.
On a related note, earlier hackers drained off huge amounts of money from Amazon (the e-shopping behemoth) by breaking into more than 1,500 subscribers’ Amazon accounts. The hackers substituted users’ bank account details and diverted the refund money to their personal Airtel e-wallets.
The fraud was noticed when a huge number of Amazon users complained to the firm that their refunds had not been transferred into their bank accounts. Following the grievances, the firm performed an internal review and discovered that the money had been drained off by cyber attackers. Users who wished to return their buyouts were asked by the firm to include their bank accounts to their account profiles on Amazon. The attackers got hold of the mobile numbers of these users (who had originally paid COD) and contacted them by pretending to be officials from Amazon.