Hack hijacks electric skateboards, dumps hipsters in the gutter
Automated attacks crash riders on the fly
A hacker duo have shown how to hijack "Boosted" brand electricity-assisted skateboards.
The boards feature small motors to help riders go up hills, or down hills much faster. An app controls the motors over Bluetooth.
Stripe security engineer Richo Healey and penetration tester and Bluetooth expert Mike Ryan found a way to block the Bluetooth signal used between the controller and skateboard, then force it to pair with a laptop.
The result was that Boosted skateboards could be remotely hijacked while in motion, with unpleasant consequences for riders.
"At places like traffic lights where you definitely know people are going to stop you could just nab a skater as they go past," Healey said.
"The attack would absolutely land within 30 seconds, and possibly ten."
The attack can be automated using scripts, allowing attackers to pop hipsters merely by carrying a laptop in a backpack.
"The first thing I thought when we started this is launching a bunch of hipsters who are rolling down Market Street" in Melbourne Ryan said.
"The simplest way to do this would be to get something that generates a whole lot of noise on the 2.4Ghz spectrum to disconnect the controller."
Flaws including failed encryption allowed the pair to write code that could emulate the Boosted controller to connect to the boards. They would not publicly release that code however.
The $100 'junk-hacking' work was presented at the Kiwicon conference in Wellington where the pair wrote an automated script to put the skateboard into a 'bucking bull' state which daring delegates attempted to master.
Boosted was in conjunction with the pair developing a firmware fix and was grateful of the research when it was first quietly disclosed.
Development of the injection attack began in September when the pair began reverse-engineering the protocol.
Healey first became aware that a hack was possible when earlier this year when his Boosted skateboard disconnected from its controller due to excessive radio interference in one busy Melbourne intersection, causing him to crash.
It was the first bug the pair shook out of the Boosted firmware, with more possible if the pair could obtain a research board to continue hacking including the development of tweaks that may allow the skateboards to accelerate beyond firmware speed caps.
"I'm not too keen on wrecking my main mode of transport," Healy said.
The pair were philosophical about the risk to life and limb, however.
"You could realistically use this as a means to target someone, but you could also just hit them with a car," Ryan said. ®
- Black Hat
- Common Vulnerability Scoring System
- Cybersecurity and Infrastructure Security Agency
- Cybersecurity Information Sharing Act
- Data Breach
- Data Protection
- Data Theft
- Digital certificate
- Identity Theft
- Kenna Security
- Palo Alto Networks
- Trusted Platform Module
- Zero trust