Hackers Have Figured Out How to Control a Segway Remotely

Dangerous firmware vulnerability allows for full takeover of the MiniPro electric scooter.

August 5, 2017 5:00 am

Segway riders’ safety concerns are typically focused on things like not crashing or falling off. But now they should also include an unlikely threat: hacking.

A cybersecurity firm discovered a flaw in the Segway MiniPro that makes it possible for hackers to control the electric scooter while it’s in use. Vulnerabilities in the Internet of Things are rarely life-threatening, but this could be one of them.

The Segway MiniPro pairs with a smartphone that lets users control it remotely or turn it off if no one’s on it. According to Wired, Thomas Kilbride from IOActive discovered the electric scooter’s protections could be easily bypassed. The app can push firmware updates to the Segway to fix common problems or add improvements, but there were no safeguards to ensure those firmware updates actually came from Segway.

“Under the right circumstances, if somebody applies a malicious firmware update, any attacker who knows the right assembly language could then leverage this to basically do as they wish,” Kilbride said in an interview with Wired.

 

The InsideHook Newsletter.

News, advice and insights for the most interesting person in the room.