SegwayChat
Home . Old Gallery

Go Back   SegwayChat > Segway Forums > Segway General Discussion

Notices

Segway General Discussion General discussion related to any model of Segways, miniPROs, or Ninebots. Please do not post non-Segway technology posts here; use the technology forum instead.

Reply
 
Thread Tools Display Modes
Old 07-20-2017, 03:00 PM   #1
GregRice
Junior Member
GregRice will become famous soon enough
 
Join Date: Nov 2008
Location: West Palm Beach/Lake Worth, FL
Posts: 94
5 yr Member
Default What’s Next?

What’s next?

It’s not just credit card readers and scanners we need to worry about, now hackers are entering the PT arena and hacking into the Segway Mini Pro firmware. Mini Pro riders beware!


https://www.bleepingcomputer.com/new...y-hoverboards/
__________________

To view links or images in signatures your post count must be 5 or greater. You currently have 0 posts.
GregRice is offline   Reply With Quote
Old 07-20-2017, 11:28 PM   #2
segrick-ATL
Junior Member
segrick-ATL is an unknown quantity at this point
 
Join Date: Oct 2011
Location: Atlanta
Posts: 53
5 yr Member
Default

Thanks for the heads up! Never a dull moment. I got a MP and quick-connect handle to use as my short trip solution that I can easily carry around in my car. Much easier than a 110lb lift for i2. I wouldn't trade for permanent solution, but good 'spare' to have - but only with handle for me.
Never could figure out the "show other MP riders" attraction anyway. Noticed the new version has a follow me mode. Guess that would be hackable also.
__________________
Segrick
segrick-ATL is offline   Reply With Quote
Old 07-21-2017, 11:14 AM   #3
Don M
Member
Don M is on a distinguished road
 
Join Date: Jun 2016
Location: Ocean Springs MS
Posts: 242
5 yr Member
Default

Quote:
Originally Posted by segrick-ATL View Post
Noticed the new version has a follow me mode. Guess that would be hackable also.
Beware! - Then it would 'follow' someone else and you might lose it!

Don
Don M is offline   Reply With Quote
Old 07-21-2017, 03:35 PM   #4
Pescador12
Member
Pescador12 is on a distinguished road
 
Join Date: Dec 2016
Location: USA
Posts: 168
5 yr Member
Default

Not sure that people are hacking Mini Pro's so much as a security expert has proposed how to do it. I think this guy did the same thing for Nest thermostat devices.

I don't like doing firmware updates. The device works fine so I don't bother with the endless demands from software writers to "UPDATE! update now! and again in a few days."
Pescador12 is offline   Reply With Quote
Old 07-26-2017, 10:34 PM   #5
SegwayUtah
Advanced Member
SegwayUtah is just really niceSegwayUtah is just really niceSegwayUtah is just really niceSegwayUtah is just really nice
 
SegwayUtah's Avatar
 
Join Date: Apr 2003
Location: New York, NY
Posts: 2,644
5 yr Member HT/PT Owner SegwayFest Attendee
Default

TL;DR: for pretty much all users this scenario is very unlikely and much lower risk than, say, some devious jerk going low-tech and throwing a bunch of marbles in front of your Ninebot.

As someone who spends some time working in computer security...

From the researcher's video, it looks like the attack relies on a modified Ninebot to succeed. In other words, a hacker would need access to your paired phone and Ninebot (or the ability to pair their own phone to your Ninebot)--and would then need to reprogram the Ninebot with special "attackable" firmware.

That's a much different scenario than some random stranger being able to force your machine to turn off at will. [And again, a bucket full of marbles, or a bucket full of slippery goo, or maybe even a low-power EMP...would all be simpler and more effective troublemaking.]

This is a common issue shared by many, many millions of devices...if someone has physical access to modify a device (either by reprogramming its hardware or by modifying some of its parts) then they can make the device do their bidding.

In this particular case, Segway could issue a firmware update which required all future firmware to be digital-signature-authenticated. For reference, desktop operating systems made that exact move over the last two decades. [There are also nifty things that can be done with crypto-authentication microchips...a topic for another day perhaps.]

Also, please note that everything I just said is a gross oversimplification of the hardware/software security issues inherent in any wirelessly-connected device.

Chris
SegwayUtah is offline   Reply With Quote
Old 07-27-2017, 11:49 PM   #6
Pescador12
Member
Pescador12 is on a distinguished road
 
Join Date: Dec 2016
Location: USA
Posts: 168
5 yr Member
Smile Hack me

Quote:
Originally Posted by SegwayUtah View Post
TL;DR:

In this particular case, Segway could issue a firmware update which required all future firmware to be digital-signature-authenticated. For reference, desktop operating systems made that exact move over the last two decades. [There are also nifty things that can be done with crypto-authentication microchips...a topic for another day perhaps.]

Also, please note that everything I just said is a gross oversimplification of the hardware/software security issues inherent in any wirelessly-connected device.

Chris
The recent article notes that the security expert contacted Ninebot a year ago. There have been several firmware releases since then.

My minipro does not take remote operation while I am standing on it. It beeps and shuts down remote control when you stand on it. Best a hacker could do, if they are chasing me with a phone, is set the speed limit to 6mph. Maybe 3mph. I am not sure since I never use that feature and don't use a phone connection (my wife set up both mini pros with her phone).

I thought about loading the app but loose interest before getting around to setting iTunes to load it. Plus, I hear it drains phone batteries when it is on.

My next thread will be on how to transport two Segways. One in each arm
Pescador12 is offline   Reply With Quote
Old 07-28-2017, 06:04 AM   #7
Clontz
New Member
Clontz is on a distinguished road
 
Join Date: Jul 2017
Location: Petersberg
Posts: 1
5 yr Member
Default

I hate these hackers.
Clontz is offline   Reply With Quote
Old 07-31-2017, 01:55 AM   #8
Kev7
New Member
Kev7 is on a distinguished road
 
Join Date: Jul 2017
Location: Florida
Posts: 4
5 yr Member
Default

Maybe if they used their knowledge for good instead of bad we would all be better off.
Kev7 is offline   Reply With Quote
Old 08-10-2017, 07:47 PM   #9
japaneezy
Junior Member
japaneezy is on a distinguished road
 
Join Date: Oct 2007
Location: Honolulu, HI
Posts: 49
5 yr Member
Default

Quote:
Originally Posted by Don M View Post
Beware! - Then it would 'follow' someone else and you might lose it!

Don
Like the Chinese drones have "flyaways", we're gonna have "rollaways"...
japaneezy is offline   Reply With Quote
Old 08-11-2017, 10:53 AM   #10
Don M
Member
Don M is on a distinguished road
 
Join Date: Jun 2016
Location: Ocean Springs MS
Posts: 242
5 yr Member
Default

Quote:
Originally Posted by Pescador12 View Post
My next thread will be on how to transport two Segways. One in each arm
With your sore feet, that should come in real handy - Instead of riding them, just carry them back home!

Don
Don M is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 08:30 AM.
Copyright © 2002-2023 SegwayChat.org.
All rights reserved. Not affiliated with Segway Inc.

FreshBlue vBulletin skin by
VayaDesign
Powered by vBulletin
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
SegwayChat Archive