In a recently released statement, the research group Zimperium said: “During our research, we determined that password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password.”
Unfortunately for Xiaomi, this is an issue that will hit them very hard. Xiaomi provides eScooters for some of the best-known eScooter sharing companies in the world, including Bird and Spin. The biggest problem with these security issues is that a hacker could potentially take full control of the scooter and make the vehicle accelerate or brake while someone is riding. The researchers at Zimperium were also able to control the eScooter’s anti-theft system, various riding modes, and cruise control settings, and were able to update the vehicle’s firmware without using a password.
This is not the first time that this issue has come up. In 2017, a Segway model called the Mini Pro was found to have similar issues. Segway is owned by the Chinese company Ninebot, in which Xiaomi is significantly invested.
Is there an Upside?
The good news is this: because the eScooter’s firmware can be updated (unlike that of many other eScooters), Xiaomi can release a software patch to fix the authentication issues with its eScooter. It’s not far-fetched to think that this could happen to other brands as well. Some other eScooter manufacturers use an app to control many aspects of their scooters, including how much regenerative braking the eScooter will use, or even to control cruise control settings. I suspect that the new theme in the eScooter world this year will be security.