Jump to content

EUC Hijacking


RenaissanceMan

Recommended Posts

While riding an EUC is there a danger of malfunction  - be it inadvertent or even intentional - as a result of bluetooth interference? I'm thinking of the numerous mobile devices that we are likely to pass on close range e.g. on an urbane trip?

And what about - again, inadvertent, e.g. in a group of riders, or intentional - attempts to connect to someone else's wheel using one of the available apps specialized for that type of wheel? For example, KS16 connects to the Kingsong and WheelLog apps the same time with no acknowledgement from the apps or from the wheel itself.

What can we do about such possibly dangerous interference?

Are there wheels prepared for that kind of scenario?

Link to comment
Share on other sites

I think most EUC's BT functions are ignored while you are in motion and even if someone connects to your wheel they will not be able to stop or reduce your speed etc. So no danger here.

Another thing is that the person have to know your BT code and install the right app.

Link to comment
Share on other sites

12 hours ago, Vik's said:

Another thing is that the person have to know your BT code and install the right app.

There is no code for KS wheels - app will connect to the wheel without any permissions as long as no other app is already connected.

Some wheels (like Solowheel Xtreme or Lhotz as @The Fat Unicyclist mentioned) have the BT visible only 60 - 120 seconds after power up but that's not the case with KS wheels. BT is available all the time.

@RenaissanceMan However the app will not connect automatically / by "accident" to the wheel it was not connected to before - that goes for both official KS apps as well as WheellLog so someone would need to manually / on purpose select your wheel to connect to it and will be able to do so only if your own app (KS or WheelLog) is not connected already.

Link to comment
Share on other sites

On MicroWorks board and firmware, seems the Bluetooth is very basic and robust because is an external module to firmware. Firmware ignores some commands like the ones to for instance, calibrate the wheel if it is moving.

See all the technical details here: https://github.com/EGG-electric-unicycle/documentation/wiki/MicroWorks-30B4-30kmh-controller-board-with-bluetooth

Link to comment
Share on other sites

7 hours ago, electric_vehicle_lover said:

On MicroWorks board and firmware, seems the Bluetooth is very basic and robust because is an external module to firmware. Firmware ignores some commands like the ones to for instance, calibrate the wheel if it is moving.

See all the technical details here: https://github.com/EGG-electric-unicycle/documentation/wiki/MicroWorks-30B4-30kmh-controller-board-with-bluetooth

I have not found an explanation of which bluetooth commands are ignored by the firmware or the controller. But it says:

"NOTE: all the bytes sent in the commands should have a delay of 500ms between each of them."

So that sounds like the firmware could be disturbed by a rapid sequence of commands, eg. originating from more than one apps.

Link to comment
Share on other sites

20 hours ago, Vik's said:

I think most EUC's BT functions are ignored while you are in motion and even if someone connects to your wheel they will not be able to stop or reduce your speed etc. So no danger here.

@Vik's

Any reference for that, in particular for Kingsong EUCs?

7 hours ago, Shoe73 said:

Even if someone connects to your wheel they can't do that much harm, it's not like the wheel will go crazy and crash or anything. Not a dangerous situation, I would say. 

@Shoe73

Any reference for that, in particular for Kingsong EUCs?

Link to comment
Share on other sites

10 hours ago, The Fat Unicyclist said:

You could try wrapping your wheel in tinfoil to block the signal...

It should work like my tinfoil hat (which stops the government from reading my thoughts).  :wacko:

The team I used to work for included the Post Office Radio Interference team, they convinced the PO to allow them to build a Faraday Cage room so test equipment was shielded from external RF noise. Their party trick demonstration was to tune a radio to an FM broadcast station and then shut the door at which point the radio would go dead. What was surprising was that if the door was open by even the smallest crack the radio still worked well.

The point I'm making is that it is surprising just how shielded something has to be to completely stop RF signals getting in or out.

Indeed, after a manufacturer who shall remain nameless "improved" their telephone system to meet the 1994 EMC regulations (http://origin-www.legislation.gov.uk/cy/uksi/1994/3080/made) I spent a happy 6 months trying to work out why thousands of them kept crashing, nearly always in rural areas, never in cities, it was a tough job in the middle of summer being forced to spend loads of time out of the office in such hell holes as the south coast, the Lake District, Isle of Wight, Devon and Cornwall,etc, etc.  I finally was able to prove that if the phone lines reached the phone system via long overhead cabling (telephone poles) then a lightning strike within 50 miles would cause enough of an RF surge to crash the phone system. You would be amazed just how many lightening strikes per day there are, even in the UK.  How a manufacturer managed to open his system to incoming RF interference whilst at the same time totally shielding it from outgoing interference is a mystery I never did get to the bottom of!

Link to comment
Share on other sites

10 minutes ago, Keith said:

You would be amazed just how many lightening strikes per day there are, even in the UK.

Are you serious - I know what the UK weather is like...

(other than the last two weeks) it is rubbish - lightening is a foregone conclusion!

Link to comment
Share on other sites

Most EUCs I know about (from reading and see pictures on this forum) uses similar technology. I know a way to remotely and permanently destroy the boards, in a ugly and dangerous way. BUT I do not want to discuss this because I don't know the motivations others may have - I really believe and <3 EUCs but others may want to "destroy" them/the market, so I will not discuss this subject and I will instead focus in doing the OpenSource firmware.

Link to comment
Share on other sites

  • 1 month later...

@EricGhost said in the above linked thread:

Mobile phone industry is pin code based, I do not see any suffering because of This.

Today if I see a KS16 not mine I can connect and change the tiltback to 10km, the owner if nearby or on the wheel will just hear a beep-beep and only later realized I tricked his wheel, not a clever situation.

<break> <break>

Exactly what I was saying!
Link to comment
Share on other sites

6 hours ago, RenaissanceMan said:

@EricGhost said in the above linked thread:

Mobile phone industry is pin code based, I do not see any suffering because of This.

Today if I see a KS16 not mine I can connect and change the tiltback to 10km, the owner if nearby or on the wheel will just hear a beep-beep and only later realized I tricked his wheel, not a clever situation.

<break> <break>

Exactly what I was saying!

That seem like a bug in current FW on a specific model/brand. Any changes made in the app (excluding light settings) must be confirmed by powering the unit off and on again on my Ninebot.

Link to comment
Share on other sites

32 minutes ago, Vik's said:

That seem like a bug in current FW on a specific model/brand. Any changes made in the app (excluding light settings) must be confirmed by powering the unit off and on again on my Ninebot.

I'd not call that a bug - it's simply designed that way. Makes no difference really anyway. So what - your "hacked" changes will apply after "reboot" of the EUC instead of right away - makes it actually worse as you'll be miles away from the actual "hacker" ;) 

Link to comment
Share on other sites

2 minutes ago, HEC said:

I'd not call that a bug - it's simply designed that way. Makes no difference really anyway. So what - your "hacked" changes will apply after "reboot" of the EUC instead of right away - makes it actually worse as you'll be miles away from the actual "hacker" ;) 

It depends... Is the main fear is that someone can connect to an unsecured BT Controller and make the wheel stop by powering it off (while in motion)? Or the remote possibility that someone change some settings on EUC so you have to reset it to default settings? Former is more dangerous I suppose as it could result in bodily injuries....

Link to comment
Share on other sites

5 minutes ago, Vik's said:

It depends... Is the main fear is that someone can connect to an unsecured BT Controller and make the wheel stop by powering it off (while in motion)? Or the remote possibility that someone change some settings on EUC so you have to reset it to default settings? Former is more dangerous I suppose as it could result in bodily injuries....

I'm yet to see EUC that can be switched off while in motion. The only possible risk would be  if you'll be standing on the wheel and not moving that someone can remotely turn it off under you. Although the wheel with remote shut down (like Inmotion) have also PIN protection on BT ;) 

Link to comment
Share on other sites

I f you do not want that anybody can change your setting or connect to your wheel by bt at all, there is a easy solution:

when you power it on, allways connect to your own phone app! as long you are connected yourself....no one else can!

Link to comment
Share on other sites

1 minute ago, HEC said:

I'm yet to see EUC that can be switched off while in motion.

And that is the point. That's how it should be.

1 minute ago, HEC said:

Although the wheel with remote shut down (like Inmotion) have also PIN protection on BT ;) 

As does the 9b miniPro.

Link to comment
Share on other sites

55 minutes ago, KingSong69 said:

I f you do not want that anybody can change your setting or connect to your wheel by bt at all, there is a easy solution:

when you power it on, allways connect to your own phone app! as long you are connected yourself....no one else can!

Not true. Multiply apps can connect at the same time - at least on KS wheels.

Link to comment
Share on other sites

6 hours ago, HEC said:

Not true. Multiply apps can connect at the same time - at least on KS wheels.

???

when i have my Ks18 connected to the Kingsong App...it is not even visible for 9bmetrics -for example -anymore..

Also, when is was on the road with multiple Kingsongs in Thailand, and we want to adjust something on the app, we can only see the not connected wheels when scanning with the Kingsong app...

we got no chance to get on a already connected wheel!

my experience...

 

Link to comment
Share on other sites

Yep - I don't care if someone logs onto my wheel (MSV3) - they can't turn it off, or change any settings that will take effect without a restart. Ok, maybe lights, but nothing serious.

I thought this thread was going to be worrying about people physically trying to steal your wheel from you :)

That has crossed my mind, and apart from the fact I live in an area where these sort of things don't happen very often, I take some comfort from the fact EUCs are impossible for the non-rider to just ride off on, and too heavy to effectively run away with, unless they have disabled me first ! If I was in a big city like London, I would be more worried. 

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...