Cybercriminals Can Hack E-Scooters to Eavesdrop on Riders: Researchers

Cybercriminals Can Hack E-Scooters to Eavesdrop on Riders: Researchers

Vendors of Micromobility vehicles can suffer DoS attacks and data leaks

HIGHLIGHTS
  • Hackers can cause a series of attacks in e-scooters
  • Some e-scooter models communicate with the rider’s smartphone
  • Global e-bike market is projected to grow at 9.01 percent

As governments including in India plan more e-bikes on roads to help tackle traffic congestion, like any Internet-connected device, hackers can cause a series of attacks in e-scooters, including  eavesdropping on users and even spoof GPS systems to direct riders to unintended locations, warn researchers including some of Indian-origin. Vendors of Micromobility vehicles can also suffer denial-of-service (DoS) attacks and data leaks, said researchers from University of Texas at San Antonio.

“We have identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behaviour and operation,” said Jadliwala.

The micromobility e-scooter analysis was conducted by Jadliwala alongside graduate students Nisha Vinayaga-Sureshkanth, Raveen Wijewickrama and post-doctoral fellow Anindya Maiti.

The global e-bike market is projected to grow at a CAGR of 9.01 percent to reach $38.6 billion by 2025 from an estimated $21.1 billion in 2018, according to marketsandmarkets research firm.

Computer science experts at the university have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

According to the review, to appear in the proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec 2020), hackers can cause a series of attacks.

Some e-scooter models communicate with the rider’s smartphone over a Bluetooth Low Energy channel.

Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders’ smartphone app by means of easily and cheaply accessible hardware and software tools such as Ubertooth and WireShark.

Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information.

According to the study, providers automatically collect other analytics, such as location and individual vehicle information