07-20-2017, 03:00 PM | #1 |
Junior Member
Join Date: Nov 2008
Location: West Palm Beach/Lake Worth, FL
Posts: 94
|
What’s Next?
What’s next?
It’s not just credit card readers and scanners we need to worry about, now hackers are entering the PT arena and hacking into the Segway Mini Pro firmware. Mini Pro riders beware! https://www.bleepingcomputer.com/new...y-hoverboards/
__________________
To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts. |
07-20-2017, 11:28 PM | #2 |
Junior Member
Join Date: Oct 2011
Location: Atlanta
Posts: 53
|
Thanks for the heads up! Never a dull moment. I got a MP and quick-connect handle to use as my short trip solution that I can easily carry around in my car. Much easier than a 110lb lift for i2. I wouldn't trade for permanent solution, but good 'spare' to have - but only with handle for me.
Never could figure out the "show other MP riders" attraction anyway. Noticed the new version has a follow me mode. Guess that would be hackable also.
__________________
Segrick |
07-21-2017, 11:14 AM | #3 |
Member
Join Date: Jun 2016
Location: Ocean Springs MS
Posts: 242
|
|
07-21-2017, 03:35 PM | #4 |
Member
Join Date: Dec 2016
Location: USA
Posts: 168
|
Not sure that people are hacking Mini Pro's so much as a security expert has proposed how to do it. I think this guy did the same thing for Nest thermostat devices.
I don't like doing firmware updates. The device works fine so I don't bother with the endless demands from software writers to "UPDATE! update now! and again in a few days." |
07-26-2017, 10:34 PM | #5 |
Advanced Member
Join Date: Apr 2003
Location: New York, NY
Posts: 2,644
|
TL;DR: for pretty much all users this scenario is very unlikely and much lower risk than, say, some devious jerk going low-tech and throwing a bunch of marbles in front of your Ninebot.
As someone who spends some time working in computer security... From the researcher's video, it looks like the attack relies on a modified Ninebot to succeed. In other words, a hacker would need access to your paired phone and Ninebot (or the ability to pair their own phone to your Ninebot)--and would then need to reprogram the Ninebot with special "attackable" firmware. That's a much different scenario than some random stranger being able to force your machine to turn off at will. [And again, a bucket full of marbles, or a bucket full of slippery goo, or maybe even a low-power EMP...would all be simpler and more effective troublemaking.] This is a common issue shared by many, many millions of devices...if someone has physical access to modify a device (either by reprogramming its hardware or by modifying some of its parts) then they can make the device do their bidding. In this particular case, Segway could issue a firmware update which required all future firmware to be digital-signature-authenticated. For reference, desktop operating systems made that exact move over the last two decades. [There are also nifty things that can be done with crypto-authentication microchips...a topic for another day perhaps.] Also, please note that everything I just said is a gross oversimplification of the hardware/software security issues inherent in any wirelessly-connected device. Chris |
07-27-2017, 11:49 PM | #6 | |
Member
Join Date: Dec 2016
Location: USA
Posts: 168
|
Hack me
Quote:
My minipro does not take remote operation while I am standing on it. It beeps and shuts down remote control when you stand on it. Best a hacker could do, if they are chasing me with a phone, is set the speed limit to 6mph. Maybe 3mph. I am not sure since I never use that feature and don't use a phone connection (my wife set up both mini pros with her phone). I thought about loading the app but loose interest before getting around to setting iTunes to load it. Plus, I hear it drains phone batteries when it is on. My next thread will be on how to transport two Segways. One in each arm |
|
07-28-2017, 06:04 AM | #7 |
New Member
Join Date: Jul 2017
Location: Petersberg
Posts: 1
|
I hate these hackers.
|
07-31-2017, 01:55 AM | #8 |
New Member
Join Date: Jul 2017
Location: Florida
Posts: 4
|
Maybe if they used their knowledge for good instead of bad we would all be better off.
|
08-10-2017, 07:47 PM | #9 |
Junior Member
Join Date: Oct 2007
Location: Honolulu, HI
Posts: 49
|
|
08-11-2017, 10:53 AM | #10 |
Member
Join Date: Jun 2016
Location: Ocean Springs MS
Posts: 242
|
|
Currently Active Users Viewing This Thread: 1 (0 members and 1 guests) | |
|
|