Segway hoverboard hijack hack could make hipsters eat pavement

The latest two-wheel transporter toy from Segway was disturbingly easy to hack, with miscreants requiring just seconds to take control of a vehicle, we're told. Researchers at hacking house IOActive probed the Chinese Segway miniPro, and said they found the wireless link between the machine and its accompanying mobile app was …

  1. Mr_Pitiful

    Rolab

    It doesn't seem to work on a Rolab Hoverboard

    They have Bluetooth for a music connection, but that's all it does!

    1. Anonymous Coward

      Re: Rolab

      "They have Bluetooth for a music connection, but that's all it does!"

      "They have Bluetooth for a music connection, but that's all I think it does!"

      TFTFY

  2. John Smith 19 Gold badge
    FAIL

    "wide-open plaintext chatter."

    Another classic PoS software "architecture."

  3. Michael H.F. Wilkinson Silver badge
    Facepalm

    Gobsmacked

    Plain text? Seriously? Plain text?!

    1. Anonymous Coward

      Re: Gobsmacked - Plain text? Seriously? Plain text?!

      Perhaps it's just custom and practice. Stepper motors and CNC machines are programmed in what's more or less plain text. Of course, they aren't connected to the Internot, but some people tend to forget the step change in security when adding minor features like that. Good enough for 1980, good enough for 2017.

    2. jake Silver badge

      Re: Gobsmacked

      You can talk to virtually all industrial controllers with ASCII. It's not a problem if it's airgapped. The issues arise when the airheads in charge insist an internet connection is needed.

  4. lglethal Silver badge
    Windows

    I mustn't be a hipster...

    ... because I honestly can't see ANY reason to have a Segway hooked up to a phone.

    Security device? Funnily enough, keys and bike chains have worked wonders for years now, decades even. Finding other Segway users nearby? Since when do I care if there are other people with the same bike/car/shoes in the same area as me when I'm going from Point A to B. Nope sorry. I really just don't get it...

    1. TRT Silver badge

      Re: I mustn't be a hipster...

      The two concepts of phone and personal transport might not be linked with a smooth logical step, or segue...

    2. james 68

      Re: I mustn't be a hipster...

      They're hipsters, ergo "Being healthy is too mainstream, I'm all about anti-health" they probably use the phone connection to show on their ironically anti-mainstream Twitter status how many steps they haven't taken today on their trip to Starbucks to cough out their lungs on an e-cig while tapping dribble into their ironically fashionable MacBook in the hopes that it'll turn into an ironically bestselling anti-mainstream novel while they wait for their acting breakthrough (though they'd never go mainstream it's all about the ironic arthouse movement).

      1. Keven E

        Re: I mustn't be a hipster...

        james 68, this has to be an 'other side of the pond' recognized description. Hipsters seem to be more of a trend follower than anti-trend... from what I've seen. Twitter, Starbucks, e-cigs, MacBooks... way too mainstream... although there is a certain irony in having longer hair on your face than on your head...

        1. james 68

          Re: I mustn't be a hipster...

          Nope, it's a cross-pond definition. They do indeed slavishly follow every trend that rears its head, but if you ask them about it they'll waffle on about how they do so "ironically" and "to show the mainstream masses how gullible they are". For people so fond of the word 'irony' they don't seem to understand its actual meaning.

          1. This post has been deleted by its author

          2. I ain't Spartacus Gold badge
            Happy

            Re: I mustn't be a hipster...

            Irony, that's like gold-ey or bronze-y isn't it?

            Actually I think irony might be the phone call I had literally halfway through typing the word irony above. It was from a dodgy call centre, on a dodgy Skype line, probably from India, claiming to be the UK Nuisance Calls Department, offering to help me block all the nuisance calls I've recently been having. Though apparently not the current one...

    3. jake Silver badge

      Re: I mustn't be a hipster...

      .. because I honestly can't see ANY reason to have a Segway.

      FTFY, no charge.

  5. Peter2 Silver badge

    If you can gain control, couldn't you just turn 30 degrees left or right and ignore user input? That'd give a roughly 50% chance of dumping the rider into traffic, assuming that it's on the pavement.

    Selling something that inadequately secured ought to be a criminal offense.

    1. TRT Silver badge

      Fun LOGO scripting that! Does it have remotely operated handcuffs as well? That would be epic fun.

    2. hellwig Silver badge

      The easiest hack would just be to reverse the direction of the turn. Handles go left, Segway goes right. I watched a video about a guy trying to learn a backwards bike, took him like a year, and then he forgot how to ride a normal bike.

      1. This post has been deleted by its author

    3. Chris G Silver badge

      I was wondering if there is an easy hack to download that will suddenly jam the brakes on without warning on Segways and hoverboards, traditional skateboards are low-tech and easy, a handful of gravel = almost instant street pizza.

      Of course the ultimate irony would be dropping an anvil on one.

  6. Alistair Silver badge
    Windows

    This vuln would have added a whole new

    Definition to "Flash Mob" events.

    Have a hijacked segway running about rounding up other segways randomly and herding them to a specific point and then tossing all the riders at precisely the same spot, to match the beat of some middle of the road pop music piece..... All recorded on publicly viewable CCTV camera.... and posted to YouChube, twatter and faceblat live.

    Dear god.

    I'll be giggling insanely all day now.

    1. Anonymous Coward

      Re: This vuln would have added a whole new

      One problem - if they face-plant the tarmac then their beards will absorb the impact.

      1. moiety

        Re: This vuln would have added a whole new

        Doesn't have to be tarmac....could be a fountain or the top of a slip'n'slide.....

    2. Adam 1 Silver badge

      Re: This vuln would have added a whole new

      You must make this happen!

    3. I ain't Spartacus Gold badge

      Re: This vuln would have added a whole new

      Surely it should be to Yakkety Sax?

  7. Dale 3

    Why do you build us up...

    Segway hoverboard hijack hack could make hipsters eat pavement

    ...just to let us down...

    Those dreaming of sending hipsters crashing into the dirt can forget it, though.

    (buttercup?)

  8. LosD

    Re: And people trust goo ...

    "Those dreaming of sending hipsters crashing into the dirt can forget it, though. IOActive followed responsible disclosure, and the holes have now been patched, apparently"

    Curses! Foiled again!

    1. I ain't Spartacus Gold badge

      Re: And people trust goo ...

      Given the piss-poor security they've used, I'd imagine that it will only take a few minutes to find a different security flaw.

  9. TheElder

    "an attacker could take control of the Segway while it was being ridden and bring it to a sudden stop, catapulting the rider"

    Throwing somebody off a bridge or in front of a trolley comes to mind.

    1. james 68

      Didn't the inventor or company owner or somesuch of the Segway fall off a cliff on one? Could be that the plod need to reopen that case.

      1. I ain't Spartacus Gold badge

        It was the guy who'd bought the UK distribution rights. He was apparently going for a "walk" in the country, and gently backed out of someone else's way so they could pass him on the path - and accidentally backed over a cliff.

        1. james 68

          Sure that's what the "someone" wants us to think.... But I'd put money on that "someone" being in possession of a phone with Bluetooth connectivity at the time of the "accident".

          It's a conspiracy I tells ya.

  10. Caltharian
    Devil

    a rapid continuous on the spot spin would be more amusing, and said hipster would probably fly a bit further and faster before hitting the ground

  11. Pascal Monett Silver badge

    "the holes have now been patched"

    The code has been patched. That is the first major stumbling block in IoT - kudos to having passed that step.

    The patches still need to be applied, which is the second major stumbling block. I reckon that might take a while before all units are patched. I don't own any IoShiTe, so I wouldn't know.

    1. Adrian 4 Silver badge

      Re: "the holes have now been patched"

      TFA does say

      a firmware update addressing the security weaknesses was pushed to owners' phones and onto the rides. It's possible everyone is now up to date.

      Of course, there are both advantages and disadvantages to having the ability to update firmware without the user agreeing to it.


Biting the hand that feeds IT © 1998–2019