Electric scooters are an increasingly popular product category, not only here but abroad as well. Although Xiaomi did not enter the market especially early, it has done well in the United States thanks to its cooperation with scooter-sharing companies. However, mobile security company Zimperium found that the Bluetooth module of Xiaomi's M365 electric scooter (which should be the Mijia electric scooter) has a vulnerability that allows hackers to remotely control the scooter's throttle.
The vulnerability lies in the connection between the Bluetooth module and the mobile app. A hacker can connect directly to the M365 system without any special password or confirmation, and when the hacker uploads malware to the scooter, the system does not confirm that the software comes from a trusted official source. This lets them remotely accelerate or decelerate any scooter, placing the rider at great risk. After Zimperium notified Xiaomi of the vulnerability, Xiaomi said that it had acknowledged the problem and was working with the electric scooter manufacturers in its ecosystem to solve it.
Other than hoping that the two parties cooperate quickly to solve the problem, there seems to be no better option for buyers.
Correction: The part of the text about the Bluetooth module has been corrected.
Update: The official statement is as follows:
Xiaomi is aware that there may be loopholes in the Xiaomi Mijia electric scooter, which allow a hacker to maliciously hinder the normal operation of the scooter. When we became aware of this vulnerability, we immediately repaired it and intercepted all unauthorized applications. Xiaomi's product development and security team will launch a software update (OTA, Over-the-Air) as soon as possible.
Xiaomi attaches great importance to the valuable opinions of users and the community, and is committed to making improvements to build better and safer products.