It’s Kind of Terrifying That Your Segway Could Be Hacked

In a lighthearted sense, watching someone randomly get thrown off their Segway hover board is kind of hilarious . . . if they don’t get hurt. On the other hand, if the Segway has to be hacked in order for that to happen – well, it’s not worth it.

Recent research and experiments have proven that Segways (the Segway Ninebot MiniPRO to be exact) can, in fact, be hacked. The hack relies on two key omissions by the Segway designers: all Ninebot MiniPROs have the same PIN code, and none of them check the legitimacy of their firmware.

“Even though the rider could set a PIN, the hover board did not actually change its default PIN … This allowed me to connect over Bluetooth while bypassing the security controls. I could also document the communications between the app and the hover board, since they were not encrypted.”

Researchers involved in this project successfully exploited these flaws to upload their own firmware. This allowed the researchers to:

  • Shut the boards down completely
  • Change the colors of the lights
  • Disable safety mechanisms
  • Drive (not fly) them off

An example tutorial showed the official Ninebot smartphone app being used to control certain functions of the hover board and other “interesting” things. For example, the user was able to find the location of nearby riders.

Since the flaw in the official app was discovered, the feature has been removed. However, that doesn’t mean the danger is gone.

The terrifying part is that anyone with the ability to manipulate hover boards like this is a threat to the community if they use it for harmful purposes. A person being thrown from a hover board is funny only until they break a bone – or worse.

People do stupid things. It’s in our human nature to test the limits of our existence. Unfortunately, that might also be our downfall.
