Electric skateboard owners be warned, because security experts have found a method of hacking into these devices (or at least one brand) and taking control of them – with possibly dire consequences for the rider.
Richo Healey, a security guru who works for Stripe, and an eBay security employee Mike Ryan, put their heads together to work out the hack, which involves taking control of the skateboard via Bluetooth.
As Wired reports, the pair demonstrated their attack on a Boosted electric skateboard, which the rider operates via a handheld Bluetooth controller. The system uses Bluetooth Smart, but there’s no encryption implemented, which means it’s possible to jam the signal and cut the controller off from the board.
Attackers can then connect directly to the skateboard from a laptop, and issue their own commands – for example, to turn the wheels to full-speed reverse. Given that this piece of equipment is capable of topping 20 miles per hour, if you’re going full pelt forwards, then suddenly maximum reverse without warning, that’s definitely going to see you thrown from the board, possibly with quite nasty results.
Healey and Ryan concentrated on the former’s own Boosted electric skateboard when it came to their hacking exploits, but also looked at other manufacturers’ efforts, including Revo, and reportedly found at least one “critical” vulnerability in every board which was put through its security paces.
A demonstration of the hack was attempted at DefCon this weekend, but as The Register further reports, this actually ended in failure. However, it has been demonstrated several times previously, including Wired’s video, where it’s clearly shown working a number of times.
Unsurprisingly, Boosted has not sat idly by with all this media attention on its skateboard, and has hammered out a fix – namely adding Bluetooth encryption – which will be part of the board’s next firmware release, version 2.0.
Of course, this really should have been present in the first place. The company says that version 2.0 of the firmware will be out in pretty short order.
In a blog post, Boosted wrote: “You’ll be able to download v2.0 soon. We are currently testing the beta version to ensure quality before we release it to all our riders. We also hope you’ll join us in thanking the security researchers for working with us to make your boards safer and more secure.”
You might also like: Great Scott! Lexus hoverboard is just days away