What’s Next?
What’s next?
It’s not just credit card readers and scanners we need to worry about, now hackers are entering the PT arena and hacking into the Segway Mini Pro firmware. Mini Pro riders beware! https://www.bleepingcomputer.com/new...y-hoverboards/ |
Thanks for the heads up! Never a dull moment. I got a MP and quick-connect handle to use as my short trip solution that I can easily carry around in my car. Much easier than a 110lb lift for i2. I wouldn't trade for permanent solution, but good 'spare' to have - but only with handle for me.
Never could figure out the "show other MP riders" attraction anyway. Noticed the new version has a follow me mode. Guess that would be hackable also. |
Quote:
Don |
Not sure that people are hacking Mini Pro's so much as a security expert has proposed how to do it. I think this guy did the same thing for Nest thermostat devices.
I don't like doing firmware updates. The device works fine so I don't bother with the endless demands from software writers to "UPDATE! update now! and again in a few days." |
TL;DR: for pretty much all users this scenario is very unlikely and much lower risk than, say, some devious jerk going low-tech and throwing a bunch of marbles in front of your Ninebot.
As someone who spends some time working in computer security... From the researcher's video, it looks like the attack relies on a modified Ninebot to succeed. In other words, a hacker would need access to your paired phone and Ninebot (or the ability to pair their own phone to your Ninebot)--and would then need to reprogram the Ninebot with special "attackable" firmware. That's a much different scenario than some random stranger being able to force your machine to turn off at will. [And again, a bucket full of marbles, or a bucket full of slippery goo, or maybe even a low-power EMP...would all be simpler and more effective troublemaking.] This is a common issue shared by many, many millions of devices...if someone has physical access to modify a device (either by reprogramming its hardware or by modifying some of its parts) then they can make the device do their bidding. In this particular case, Segway could issue a firmware update which required all future firmware to be digital-signature-authenticated. For reference, desktop operating systems made that exact move over the last two decades. [There are also nifty things that can be done with crypto-authentication microchips...a topic for another day perhaps.] Also, please note that everything I just said is a gross oversimplification of the hardware/software security issues inherent in any wirelessly-connected device. :) Chris |
Hack me
Quote:
My minipro does not take remote operation while I am standing on it. It beeps and shuts down remote control when you stand on it. Best a hacker could do, if they are chasing me with a phone, is set the speed limit to 6mph. Maybe 3mph. I am not sure since I never use that feature and don't use a phone connection (my wife set up both mini pros with her phone). I thought about loading the app but loose interest before getting around to setting iTunes to load it. Plus, I hear it drains phone batteries when it is on. My next thread will be on how to transport two Segways. One in each arm :) |
I hate these hackers.
|
Maybe if they used their knowledge for good instead of bad we would all be better off.
|
Quote:
|
Quote:
Don |
All times are GMT -4. The time now is 07:19 AM. |
Powered by vBulletin
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Copyright 2002-2024 SegwayChat.org
All rights reserved.