WHEN YOU IMAGINE riding a Segway MiniPro electric scooter, your biggest concern is probably falling on your face. Much lower on that list? The notion that attackers could remotely hack your ride, make it stop short, or even drive you into traffic. Unfortunately, as one reacher found, they could have done just that.
When Thomas Kilbride got a Segway MiniPro, its paired mobile app piqued his interest; by day, Kilbride works as an embedded device security consultant at IOActive. The app already has fairly potent capabilities as designed. You can use it to remote control your scooter or shut it off when no one’s on it, and you could even use its social GPS tracking feature to show all Segway MiniPros in an area in real-time. But when Kilbride investigated the security behind those features, he found vulnerabilities that an attacker could exploit to bypass the hoverboard’s safety protections from afar, and take control of the device.