If you heard about the scooter hacking problems encountered by companies you should check it out since it can put you in danger. Hackers are now able to lock, accelerate or brake the scooter from 300 feet. Also, they found a way to use the renting service for free and to deactivate the GPS on these scooters.
How are they doing this?
The hackers are using a Denial of Service (DoS) attack to lock without physically touching any scooter. Furthermore, a malware attack might be used to install completely new firmware in order to obtain full control of the electric scooter.
Why are scooters considered easy targets?
Not long ago, several companies started flooding big cities with electric scooters for everybody to rent since using one of these vehicles only required a mobile app. Scooters quickly became easy targets for hackers because they were generally unsupervised.
Because there was no permanent station to return the scooter after renting it, most of them were simply lying around houses, shops, or parks. Some users rented a scooter just to look for a way to hack or steal it and it seems they were successful.
Getting free rides
For some scooter riders, the price is not small enough. It seems that paying $1 at the start of the trip and 10 to 15 cents per minute when renting a scooter is simply too much. So they found a way to use the renting service for free.
For a while this summer, some e-scooter riders were getting unlimited free rides because the activation process had a little glitch. They synced with an available scooter just like they would normally do and after the ride, they would lift it off the ground.
This way, they would cancel the trip and they could travel as much as they wanted without being charged. It didn’t take long before this method became viral through social media so the companies fixed the problem as fast as possible.
Hackers could lock the scooters
The application used to rent a scooter is designed to allow clients to remotely lock it through a Bluetooth-enabled app. Through this security measure, scooters couldn’t be used without the identification of the client.
A group of researchers demonstrated that electric scooters could be locked from a distance by a malicious hacker. Without physically accessing the e-scooter, they were able to issue commands to scooters within a 300 feet range. Also, they didn’t need any high tech devices as the experiment was conducted using a regular smartphone.
This might be one of the biggest threats to riders and renting scooters companies as it compromises the safety of the rider. Driving on the street or going down on a hill and suddenly having your wheels locked out of nowhere will put the rider in a very dangerous situation.
Accelerating and braking
People are using electric scooters for a relaxing, smooth ride to the office. Some of the commuters might be stressed out by the fact that hackers can remotely accelerate or brake the electric scooter. Hackers could take control of the e-scooters using the incorporated Bluetooth system.
This caused some of the customers to think twice before using the popular scooter sharing system. Having a security glitch this big could make you run through red lights or stop in the middle of the street thus endangering yourself and other traffic participants.
Are the companies aware of the problem?
It may surprise you, but the companies tend to consider these problems as insignificant. Company representatives told the media that scooter vandalism or theft are rare because they are often used by customers.
They are confident that the discovered glitches are not affecting their ability to continue their business. This sounds like an open invitation for everyone not willing to respect the user agreement. After all, people have ignored the rules since the beginning of the sharing system.
Almost every e-scooter rider doesn’t wear a helmet despite protective equipment is mandatory. Furthermore, they are ignoring rules set both by the service provider and the local authorities as they are driving the scooters on the streets.
Every client has to read and accept the user agreement before renting an electric scooter. Nevertheless, a lot of the customers are under 18 years old and they don’t have a valid driver’s license which is required for usage.
Messing with the audio system
In terms of hacking an electric scooter, a group of hackers got a bit more creative. They replaced the standard audio files with some of their own. For example, some e-scooters were reprogrammed to ask where did the driver go when parked.
In Brisbane, things were a bit more serious as several scooters were hacked to make a range of racist or sexual comments. The company representatives said the prank was not amusing and they returned the scooters to their initial state in a couple of days.
The GPS feature
It didn’t take much for ill-intentioned people to realize how to deactivate the GPS. Apparently, after removing the protective housing of the scooter’s “brain”, they remove the SIM card or disconnect the modem. The task doesn’t take a lot of time or advanced mechanical skills.
Motorized homeless people
It seems that many homeless people know how to make scooters disappear. According to the owner of an electric bike store in San Francisco, they remove the scooter’s brain, scratch off the logos and literally hotwire the scooter. The method is so popular that some of them have two or three electric scooters.
Returning “stolen” scooters
It is against the law to have an electric scooter parked overnight in a public space. So the renting companies are paying local contractors (known as “juicers”) to pick the scooters up, recharge them overnight, and return them to their locations the next morning.
The main problem is the GPS turns off when the scooter’s battery is empty. So the companies have no way to track the scooters when this happens. Some of the juicers are picking up the scooters with empty batteries without planning to charge them. They simply wait until the reward for “stolen” scooters gets bigger before returning them.
Replacing the controlling unit
The scooters available for rent are in general standard off-the-shelf units, imported from China so their security level might not be that good. The “brain box” contains the GPS unit, a cellular modem, and other parts that make it possible for customers to rent a scooter through the app.
The hacking kit
Through the power of the internet, free e-scooter enthusiasts found out about the hacking kit. The price for a kit was around $30 and its delivery took several weeks as it was shipped from China. So a large number of people ordered it wishing to have a personal electric scooter.
The kit was virtually a plug-and-play method to disable the tracking and payment features to make the scooter your own. Owning a $400 electric scooter using a $30 kit was tempting enough for some customers to steal the unsupervised e-scooters.
How to legally hack an e-scooter
Some of the city officials were not pleased by some companies simply setting shop without asking for permission. In several cities, thousands of scooters were dropped on the sidewalk overnight, surprising the municipality.
Besides this sudden appearance, there were other issues caused by the presence of the scooters. Blocking the sidewalks, speeding through pedestrians, or serious accidents were just a part of it. So the officials decided to tow them away.
This is a great opportunity to buy a dozen scooters for a few hundred bucks. Only the batteries and electronic parts are worth thousands of dollars. If you can handle a screwdriver and a soldering iron, you can transform these scooters so you can sell them.
To convert them you will need the Chinese conversion kit and a screwdriver that has the right security bits. You might not find it at the local hardware store but online stores are more than willing to help. So if you live in a small city, you can start your own rental business. This is, of course, just theory. You shouldn’t really think of ever doing anything illegal..really!
How companies are reacting
The renting operators intend to upgrade the scooters’ level of security. Modifying a scooter’s operating system requires advanced knowledge of the used software, expertise that’s limited to a small number of people.
However, the new problems regarding the scooters’ security have raised worries about the capability of electric scooter operating systems to be hacked, putting riders in serious danger.