E-scooters are becoming more popular among consumers, especially those who live in urban areas and value their high mobility. But a recent study shows that these devices have their drawbacks when it comes to security.
Researchers from the University of Texas at San Antonio say that hackers can easily target e-scooters to mine for personal information or actively interfere with how the product works in real time.
"We've identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders' private data to causing economic losses to service providers and remotely controlling the vehicles' behavior and operation," said assistant professor Murtuza Jadliwala.
According to the researchers, there are many angles from which hackers can attack e-scooters. Perhaps one of the most invasive ways is to go after a rider’s smartphone by delving into the Bluetooth connection that often links these devices with the internal e-scooter systems. This can compromise a trove of information, including preferred routes, home and work locations, and other sensitive data.
Companies who maintain and rent out e-scooters can also give hackers a way to access consumers’ personal information. The research team says that the billing information each business collects as part of a rental transaction can be up for grabs if it isn’t properly encrypted. The risk of a data leak or denial-of-service attack can also become high if proper protections aren’t in place.
"Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion," said Jadliwala. "To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology."
The team’s full study is being presented at AutoSec 2020.