A dumb security flaw let anyone take control of a moving Segway

By replacing the Segway's firmware, hackers could send someone spiralling into a faceplant

Love 'em or hate 'em, Segways are here to stay. They provide a convenient calorie-retaining way to tour zoos and for Vladimir Putin to play basketball. On the downside, they can be hacked.

Computer engineers have found a security flaw in the Segway miniPRO that lets them take complete control of the futuristic unicycle using nothing more than a smartphone.

"The scooter has functionality which listens for a command to turn its motors off – but under normal conditions, there is a safety feature which prevents this from happening when a rider is standing on the hoverboard," says Thomas Kilbride, an embedded devices security consultant at IOActive.

Kilbride, who owns two Segways – one black, one white – managed to bypass the Segway's human-detecting safety features to apply a malicious firmware update. "This allows the attacker to turn the motors off or remote control the device even if a rider is on the board and in-motion," Kilbride explains. In plain English, it means you can send someone into a faceplant.

In a video demonstrating the vulnerability, IOActive shows the Segway's motor being disabled and then moved using a smartphone. The Segway wasn't travelling at top speed to avoid injury.

While inspecting the Segway model, Kilbride was able to compromise the device by intercepting communications between it and a mobile application, without a PIN being required. "The IOActive researcher reverse-engineered the scooter's communications protocol using a Bluetooth sniffer," the firm writes in a paper published alongside its findings.

From here it was possible to update the firmware and also to find similar Segway models using the smartphone apps of other owners. IOActive reported the findings to Ninebot – the company that owns Segway – in January 2017, and it says an updated version of the app (3.20) was launched in April to address the issues.

WIRED has contacted Ninebot asking for confirmation that the issues have been fixed but had not received a response at the time of publication.

While no instances of Segway hacking have been reported in the wild, there are also some limitations to controlling the device. To be able to move the Segway from a phone, the hacker would have to be within range of it. Kilbride says he didn't test how far away it is possible to control it from but believes it would be up to 200 metres.

This article was originally published by WIRED UK