E-scooters can be hacked to eavesdrop on riders: Study

E-scooters can be hacked to eavesdrop on riders: Study

Photo for representation only. iStock

Houston, January 27

Micromobility vehicles such as e-scooters -- which are seen as potential solution to help tackle traffic congestion in cities -- may pose security and privacy risks for the riders, researchers, including those of Indian origin, have found.

The researchers from the University of Texas at San Antonio (UTSA) in the US found that e-scooters have risks beyond the perils of potential collisions.

"We were already investigating the risks posed by these micromobility vehicles to pedestrians' safety. During that study, we also realised that besides significant safety concerns, this new transportation paradigm brings forth new cybersecurity and privacy risks as well," said Murtuza Jadliwala, an assistant professor at UTSA, who led the study.

According to their review, hackers can cause a series of attacks, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations.

Vendors of e-scooters can suffer denial-of-service attacks and data leaks, according to the researchers, including Nisha Vinayaga-Sureshkanth, and UTSA postdoctoral fellow Anindya Maiti.

"We've identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem.

This could potentially be exploited by malicious adversaries right from inferring the riders' private data to causing economic losses to service providers and remotely controlling the vehicles' behaviour and operation," said Jadliwala.

Some e-scooter models communicate with the rider's smartphone over a Bluetooth Low Energy channel, the researchers said.

Someone with malicious intent could eavesdrop on these wireless channels, and listen to data exchanges between the scooter and riders' smartphone app by means of easily and cheaply accessible hardware, and software tools, they said.

Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information.

According to the study, providers automatically collect other analytics, such as location and individual vehicle information.

This data can be pieced together to generate an individual profile that can even include a rider's preferred route, personal interests, and home and work locations, according to the researchers.

"Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion," said Jadliwala.

"To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology," he said. - PTI

Cities

View All

Crackdown on illegal PGs, 7 shut operations

DC warns of strict action against those found flouting norms

No one shows up for PG registration

Thousands operating in city, but only 25 registered

Chandigarh MC House okays cut in water tariff hike

Commissioner objects, heated arguments follow

Encroachments near top cop’s house, police post go unnoticed

Adjoining shopkeepers, vendors resent ‘step-motherly treatme...

No senior official’s name surfaces in SHO’s grilling

3 criminals freed by cop nabbed, one with 12-gm heroin

Lawyers strike work over shifting of courts

Five courts dealing with cheque-bounce cases shifted to new ...

LIT goes slow on Lodhi Club in Ludhiana

Fails to act against ‘violations’ by club management