The Merkle

Firmware Update Prevents Hackers From Remotely Controlling Hoverboards

Segway hoverboards can be a threat to personal safety. Not only are these machines quite prone to accidents, but there are also plenty of security flaws on the software side. Ninebot, the company responsible for making these hoverboards, had to issue an emergency firmware update to address these issues. Having a hacker remotely control the Segway would be quite problematic.

Ninebot Addresses Major Segway Flaws

It is good to see hardware manufacturers take the appropriate course of action when security flaws are discovered. Instead of letting these issues play out on their own, the company issued a firmware update recently. This update is supposed to address various security vulnerabilities affecting Segway hoverboards. Hackers had been able to remotely control these machines and do all kinds of harm in the process.

Even though those flaws were discovered back in 2016, it has taken Ninebot some time to properly address the issues they presented. Three major flaws were identified by researcher Thomas Kilbridge. The first one would allow anyone in the world to connect to a Segway hoverboard via Bluetooth without any problems. Bluetooth allows users to exchange data and information, which poses a massive security risk. What made this connection possible was the default Bluetooth access PIN used by Segway hoverboards. Thankfully, that issue is now resolved.

The second issue allowed attackers to trick hoverboards into downloading malicious firmware updates. Since there was no checksum to validate the integrity of these firmware updates, the hardware would download and install the software without any problems. The final vulnerability affected the mobile Segway companion app, which displays locations of nearby Segway users. This could be used by attackers to target other vulnerable hoverboards. Displaying these locations was a breach of user privacy and probably should not have existed in the first place.

Exploiting any of those weaknesses could have ultimately led to the stealing of Segway hoverboards. The devices could have been controlled remotely to move away from their owners and park in a specified location where they could have been picked up by hackers. Attackers could have overridden security measures as well, allowing the machines to overheat. They could have caused physical harm as well, by making hoverboards speed up or brake when the users did not expect it.

In the end, it is good to see Ninebot finally having addressed these issues, though they took more time than expected. Segway hoverboards have become rather popular all over the world. It is now up to device owners to manually update their firmware, as this is not automatic. Until owners completes this update, their Segway hoverboards will remain susceptible to these types of attack.  The video below showcases these vulnerabilities and how they can impact the hardware.