After all these years, the only thing that comes to mind when I think of Segway scooters is GOB from Arrested Development. It’s to the point that I absolutely cannot take any news related to Segways seriously because all I see is his smug face floating around.
Now we can all join in on the massive joke that is the existence of Segways, Arrested Development fan or not, because guess what? Apparently it’s possible to hack them.
How they were hacked
Fortunately, this was discovered through research and not a dark turn to a nice family Segway tour. In January, researcher Thomas Kilbride discovered the Segway MiniPro and its corresponding mobile app was open to hacking.
The MiniPro app uses Bluetooth to connect with the scooter, providing basic movement commands.
Kilbride discovered the PIN meant to limit Bluetooth access wasn’t being used on every level of authentication, according to Wired.
This means theoretically, someone could remotely take control of your fancy self-balancing toy and send commands to the scooter without entering the security PIN. Oh also, Kilbride found the software update system had nothing in place to verify firmware was from Segway and not rando hackers. So that’s neat and not at all alarming.
Without firmware checks and PIN requests for every level of authentication, hackers could install malicious firmware, allowing them access to drive, stop, or turn off the scooter.
Got things under control
Kilbride presented his findings to Segway back in January, and they were like, yeah our April update is dealing with this. Segway added cryptographic signing in order to validate firmware, and says they took steps to evaluate Bluetooth security. The company also disabled a “Rider Nearby” function that served as a social network showing nearby riders.
Although Segway says they’ve fixed things, this speaks to a larger problem of hackable motorized vehicles.
Remember that time researchers figured out how to hack a Jeep and in turn Fiat Chrysler recalled 1.4 million vehicles?
How about last summer when researchers found out Mitsubishi Outlanders could be hacked to have their car alarms disabled? Yeah, definitely a potential issue. Luckily, these problems are being discovered via research. Unluckily, sometimes products go out before adequate testing has been conducted.
Careful with that tech
Even the FBI is concerned. Last March, the FBI and National Highway Traffic Safety Administration warned carmakers and owners that vehicles are increasingly open to hacking. The best we can do now is hope automakers listened, and maybe be wary of remote control vehicles.