Now add cybersecurity concerns to the list: Researchers from the mobile security firm Zimperium are warning that Xiaomi’s popular M365 scooter model has a worrying bug.
Rani Idan, Zimperium’s director of software research, says he found and was able to exploit the flaw within hours of assessing the M365’s security.
His analysis found that the scooters contain three software components: battery management, firmware that coordinates between hardware and software, and a Bluetooth module that lets users communicate with their scooter via a smartphone app.
Idan quickly found that he could connect to the scooter via Bluetooth without being asked to enter a password or otherwise authenticate.
From there, he could go a step further and install firmware on the scooter without the system checking that this new software was an official, trusted Xiaomi update.
“I was able to control any of the scooter features without authentication and install malicious firmware,” Idan says.
Zimperium is concerned about what will happen with Idan’s findings, because when the company contacted Xiaomi to disclose the bugs, the scooter maker said it is aware of the problem and doesn’t have the ability to fix it on its own.
Xiaomi M365 scooters are a popular consumer choice and have even been used by ride-sharing companies like Lyft and the scooter-specific service Bird.
A customized version of the M365 was Bird’s first scooter model, but the company has already begun phasing it out for reasons unrelated to this research.