Segway Ninebot MiniPRO Hoverboard

Imagine a scene in the next instalment of the Paul Blart: Mall Cop franchise. Criminals attack a bank and the mall cop races to save the day. As he comes around the corner on his Segway, one of the criminals gets out his smartphone, turns the mall cop around and sends him off in the other direction. Worse still, it drives at high speed towards a fountain and at the last minute comes to an abrupt halt, dumping him in the water. It has all the hallmarks of a classic piece of Hollywood comedy, but it could soon happen.

Security vendor IOActive has released new research showing serious security vulnerabilities in the Segway/Ninebot MiniPRO Hoverboard. The research was conducted by IOActive Embedded Devices Security Consultant Thomas Kilbride. He claims: “An attacker could bypass safety systems and remotely take control of the device, including changing settings, pace, direction, or even disabling the motor and bringing it to an abrupt and unexpected stop while a rider is in motion.”

How compromised is the Segway security?

Reading the report (see link above), the vulnerabilities are very real and pose a significant danger. Segways have been around a long time. They are used by law enforcement and by tour groups in several cities around the world. In the UK they are not legal for use on roads or pavements. In other countries their use is strictly regulated. The model examined here can move at 10mph and has a range of around 18 miles.

In the US, the FTC has put controls on some of the physical components. However, there are no controls or standards on the firmware. According to Kilbride: “FTC regulations do require scooters to meet certain mechanical and electrical specifications to help avoid battery fires and various mechanical failures. However, there are currently no regulations centered on firmware integrity and validation, despite being integral to the safety of the system. As my research indicates, this lack of regulation could lead to a number of dangerous situations.”

The depth of the vulnerabilities will raise concerns with a lot of cyber security and privacy experts. Kilbride discovered that he could track and locate all the Segways in the area, and that he could jump from one hoverboard to another without riders knowing he was there. An attacker could therefore hide in plain sight using a hacked hoverboard and use it to launch attacks on other riders.

Another major worry was that firmware updates could be applied without any authentication. The lack of even a PIN to authorise an update is a major security failure.

What does this mean?

IOActive has disclosed all of its findings to Segway/Ninebot. Some of the security issues have now been addressed through a new version of the software. It will be interesting to see how quickly it is installed by users. Any organisation using Segway/Ninebot devices needs to check immediately that all of its devices have been patched. It will also want reassurance that the remaining security issues are under control.
