Jump to content

Hackers can turn off your Segway mid-ride

Souleye

By Souleye
in General Discussion

Recommended Posts

Cerbera Grand Master

Cerbera

Posted
Posted

Came here to post that :)

Interesting read. I was wondering how many of our devices accept remote connections from additional sources once the rider is connected and moving ? I didn't think my MS3 did, but maybe they can - just remembering how I am able to run both the gotway app, and wheel log at the same time... neither of which require a password (older version of Gotway app)...

But I think you'd have to be damn quick off the mark to interface with an EUC as it goes flying past you - I'd bet in most cases it'll be well out of bluetooth range before they've even discovered its ID... they also have to know (in my case at least) what a gotway is - it is not immediately evident that's a wheel unless you know your electric unicycles. Lastly, neither the Gotway app or wheel log provide any control for turning the machine off, or steering it, so I think that threat really doesn't apply to most EUCers - perhaps it is ONLY the segway that is affected ?

What do we all think ?

I'm gonna guess that even Segway owners shouldn't worry. One advantage of spending a small fortune on a Segway is that those guys are right on the case with their updates. I bet they get that shit secured quick as you like...

CBR

 

 

Link to comment
Share on other sites
Spark Enthusiast

Spark

Posted
Posted

Unfortunately neither Gotway nor KingSong allow the user to even change the bluetooth password and visibility in the original app.
but hey, you can turn bluetooth off with a dedicated button on a KingSong wheel. ;)

If you own a Gotway wheel you might be able to change the pin to a custom one via AT command AT+PIN**** in serial mode.
you could use an arduino or something to connect to KEY,RXD,TXD of the bluetooth module.
On most modules you need to apply some voltage (~3.3v) to the KEY pin to get into programming mode.
An even better solution for security freaks might be a kill switch to just turn off the module, since Gotways dont play music anyway :whistling:
You could cut off the VCC pin on the module and solder a cable to the switch.

Link to comment
Share on other sites
HermanTheGerman Proficient

HermanTheGerman

Posted
Posted
17 hours ago, Spark said:

.... but hey, you can turn bluetooth off with a dedicated button on a KingSong wheel. ;)

This is not completely correct.

You can only turn off the bluetooth link for the music with the button, but not the bluetooth link for vehicle control (the KS app and Wheellog run fine, also when bluetooth music has been turned off with the mentioned button).

You can e.g. change the riding mode while riding, and I assume it is also possible to calibrate the wheel while riding, I didn't test that because I'm too anxious it may work. :D

All in all, I believe that the Kingsong app and firmware is even a lot more vulnerable than Ninebot's. Especially if I take into consideration how long they already work on the new app version, which was promised for April, and how bad the current version (1.4) implements some basic functions, I have absolutely no trust into the app's security and reliability.

I'm using it, because I might be one out of maximum 20 to 40 Kingsong riders all over Austria, this is not an interesting target for hackers.

Link to comment
Share on other sites
Spark Enthusiast

Spark

Posted
Posted
7 hours ago, HermanTheGerman said:

This is not completely correct.

You can only turn off the bluetooth link for the music with the button, but not the bluetooth link for vehicle control (the KS app and Wheellog run fine, also when bluetooth music has been turned off with the mentioned button).

You can e.g. change the riding mode while riding, and I assume it is also possible to calibrate the wheel while riding, I didn't test that because I'm too anxious it may work. :D

hey, thanks for pointing this out to me!

I always thought if I press the bluetooth knob two times in a row its completely off,
cuz my mobile couldn't connect anymore...:huh:  glorious ;) 
anyway, you can still reprogramm a connection pin or install a switch.
On second thought the KingSong wheels might be at a higher risk, as they could potentially be bricked
with an ota firmware update.
However I agree that it's purely academic at this point, riding an EUC through dense city traffic  feels way more threatening :o
hmmm, I do believe there are way more EUC riders in Austria than you think. Generics count too ;)

Link to comment
Share on other sites
Spark Enthusiast

Spark

Posted
Posted
7 hours ago, HermanTheGerman said:

All in all, I believe that the Kingsong app and firmware is even a lot more vulnerable than Ninebot's. Especially if I take into consideration how long they already work on the new app version, which was promised for April, and how bad the current version (1.4) implements some basic functions, I have absolutely no trust into the app's security and reliability.

Security functions, like checking if the wheel is moving before applying changes to the motor parameters should always be implemented in the wheels firmware,

if the mobil app has to check for such stuff all alone, there is no security whatsoever, it would be completely wrong from a devs point of view. :)

once a 'hacker' overrides the app's security checks the firmware has to reject the new settings while the wheel is in motion.

The KingSong app is pretty bad but gold compared to what my friend uses for his Gotway MSuper v2 ;)

Link to comment
Share on other sites
steve454 Grand Master

steve454

Posted
Posted
9 hours ago, HermanTheGerman said:

You can e.g. change the riding mode while riding, and I assume it is also possible to calibrate the wheel while riding, I didn't test that because I'm too anxious it may work. :D

Not on a Ninebot, you have to turn the wheel off to save the settings.  You can change the riding sensitivity while riding, but it won't take effect until you turn restart the wheel. ALAFAIK  At least as far as the riding mode.  I haven't tried to calibrate the level while riding.:huh:  That's a good idea!  Except, no, the wheel has to be locked to calibrate, and you cannot lock it while riding.  You can change the riding mode while riding, but it won't change until the next restart. I imagine all good wheels do that.  Especially Kingsong and Gotway.

And then the app and firmware take over,

Link to comment
Share on other sites
HermanTheGerman Proficient

HermanTheGerman

Posted
Posted
5 hours ago, steve454 said:

Not on a Ninebot, you have to turn the wheel off to save the settings.  You can change the riding sensitivity while riding, but it won't take effect until you turn restart the wheel. ALAFAIK  At least as far as the riding mode.  I haven't tried to calibrate the level while riding.:huh:  That's a good idea!  Except, no, the wheel has to be locked to calibrate, and you cannot lock it while riding.  You can change the riding mode while riding, but it won't change until the next restart. I imagine all good wheels do that.  Especially Kingsong and Gotway.

And then the app and firmware take over,

You are right, you can't calibrate it while riding, it's not possible because of the procedure.

But you can change the riding mode while riding, and it is applied immediately, and I see that as an advantage.  When I change from asphalt to offroad, I change the mode from "players" to "riding" without the need to step off, since another forum member found out that this is possible.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

Go to topic listing
×
×
  • Create New...