For all of Segway’s advanced mechanics and incredible feats of stabilization, this futuristic ride hasn’t had the smoothest ride since it’s introduction. Originally launched at the end of 2001 under a veil of secrecy and hype, Segway slowly became more of a punchline over the ensuing years due to it’s inflated price and association with lazy and overweight riders including Mall Cop’s Paul Blart. Then in 2010, millionaire philanthropist, Jimi Heselden, accidentally plunged off a cliff while riding a Segway. He had recently purchased the Segway company from inventor Dean Kamen. Now, as if things couldn’t get any worse, the Segway MiniPro has joined the long list of hackable transportation devices.
Segway MiniPro Personal Transporter is the latest version in the line of advanced self stabilizing scooters. At just under 30 pounds it has a range of 14 miles with a top speed around 10 MPH. The Segway MiniPro’s smaller size and price is more targeted at consumers and allows easy pairing to a mobile app for remote control even if there is not a person physically on it. Bluetooth is the wireless connection of choice providing a decent range of 50 feet. When the mobile device is outside that range or unpairs, the mini scooter shuts off and comes to a safe stop by itself automatically. Segway MiniPro even supports a GPS tracking crowdsourcing feature allowing you to identify other nearby Segways, kind of like those little locators for lost keys and wallets.
You may be wondering why I’m providing a laundry list of cool features instead of detailing the hacking of this personal transportation device. It is because the longer the list of features, the longer the list of potential attack vectors. And with a device like Segway MiniPro, a seemingly harmless hack could quickly become a dangerous death ride. The similarities to stories involving remote car hacking demonstrations are all too real. We all love mobile apps and their ability to control and connect wirelessly but I also understand the importance of not trading convenience for security.
IOActive security researchers were recently able to uncover an alarming number of vulnerabilities in the Segway MiniPro Personal Transporter. For starters, a user PIN was not properly implemented at all levels. This normally protects all Bluetooth communications from unauthorized access but here, would allow an unauthorized user to send arbitrary valid commands to the MiniPro without having to even enter the user PIN. This means full control over the MiniPro with or without an operator aboard the scooter.
There was also no clear validation or integrity check of firmware updates to ensure they originated from Segway. Hackers routinely exploit routers and networks by installing malware (malicious software) to override basic system programs and this is no different. So even when Segway releases new firmware for the MiniPro, users might still be fooled into believing they have the latest patch installed. Once hackers have bypassed the basic safety mechanisms, taking complete control of the scooter is only a trivial matter. In addition, the firmware has not even encrypted. Basic data encryption should be the default for all consumer products these days no matter how simple or harmless the products might appear.
IOActive went onto detail more security flaws in a Wired article but their video guide on how to hack this Segway model has already been pulled from Youtube. The good news is that Segway has already addressed some disclosed security flaws reported with new firmware featuring improved security including cryptographic signaling to confirm the firmware truly originated from Segway. For increased privacy, Segway has also eliminated the ‘rider nearby’ feature which disclosed other users and their MiniPros in the area.
I applaud manufactures who readily address bugs and vulnerabilities brought to their attention by security researchers. In this increasingly connected world, companies that look out for consumer privacy and security will be rewarded with loyal customers.
This blog originally appeared on Connected World
Latest posts by Scott Schober (see all)