New research finds e-scooters can be hacked.
Researchers at the University of Texas at San Antonio have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications. “We were already investigating the risks posed by these micromobility vehicles to pedestrians’ safety. During that study, we also realized that besides significant safety concerns, this new transportation paradigm brings forth new cybersecurity and privacy risks as well,” noted Murtuza Jadliwala, an assistant professor in the Department of Computer Science who led the study.
According to the study, hackers can cause a series of attacks, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations. Vendors of e-scooters can suffer denial-of-service attacks and data leaks.
“We’ve identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behavior and operation,” said Jadliwala.
According to the report, some e-scooter models communicate with the rider’s smartphone over a Bluetooth Low Energy channel. "Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders’ smartphone app by means of easily and cheaply accessible hardware and software tools such as Ubertooth and WireShark," says the study.
Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information, notes a release. According to the study, providers automatically collect other analytics, such as location and individual vehicle information. This data can be pieced together to generate an individual profile that can even include a rider’s preferred route, personal interests, and home and work locations.
“Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion,” added Jadliwala. “To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology.”