Thursday, November 9, 2017

An anti-theft system allows attackers to remotely kill the engine of electric scooters made by INOKIM/MyWay. Affected model: Quick 3.


Claim: An anti-theft system allows attackers to remotely kill the engine of electric scooters made by INOKIM/MyWay. Affected model: Quick 3.




MYWAY/INOKIM created a new model, the Quick 3, which comes with a new mobile phone app.
The app has an anti-theft system that allows owners to remotely deactivate the engine in any situation (while moving or while parked) over a Bluetooth connection to the BT module in the electric scooter. It's a feature.

A malicious attacker can use this anti-theft feature to deploy an easy attack and shut down the scooter's engine, even while the driver is riding at high speed.
Potential casualties: injury or death.

The serial number of the scooter (VIN), just like on cars, is shown on the scooter with no physical protection, and that is basically all you need to know in order to deploy an easy attack.
The anti-theft option in the app can be triggered at any time as long as you have the VIN (Inokim serial number).

Risk: loss of control, death, injury, road accidents, etc.





Technical info:
An attacker can use at least two options to deploy an attack:

1. VIN and Bluetooth
The VIN, the scooter's serial number, which is supposed to be secret because of its potential uses, is shown on the scooter as on many cars. An attacker can take a picture of the scooter frame, or just look at it, and then deploy an attack with a temporary username in the app and verification by the VIN of any scooter out there.





2. Remote control of the victim's mobile phone allows an attacker to control the phone of the owner/target remotely and then deploy an attack, even from another country.

Examples: Miracast, a Trojan horse, spy software with full control of the phone, TeamViewer, VNC.
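Both options end at the same weakness: the controller accepts an engine cut-off from anyone who presents the printed VIN, at any speed. The following is an added example, not code from the original post or from INOKIM; the controller class, message layout and pairing key are assumptions. It contrasts that check with a per-device secret, a single-use challenge and a standstill interlock.

```python
import hashlib
import hmac
import secrets

def weak_lock(vin_on_frame: str, vin_in_request: str) -> bool:
    """The check the post describes: the VIN printed on the frame is the only credential."""
    return vin_in_request == vin_on_frame

def owner_tag(pairing_key: bytes, nonce: bytes) -> bytes:
    """Authenticator for a LOCK command, bound to one controller-issued nonce."""
    return hmac.new(pairing_key, b"LOCK" + nonce, hashlib.sha256).digest()

class HardenedController:
    """Hypothetical controller: secret key set at pairing, never derived from the VIN."""
    def __init__(self, pairing_key: bytes):
        self._key = pairing_key
        self._nonce = None
        self.speed_kmh = 0.0
        self.engine_enabled = True

    def new_challenge(self) -> bytes:
        self._nonce = secrets.token_bytes(16)
        return self._nonce

    def handle_lock(self, tag: bytes) -> str:
        nonce, self._nonce = self._nonce, None      # single use: a replayed tag fails
        if nonce is None:
            return "rejected: no challenge outstanding"
        if not hmac.compare_digest(owner_tag(self._key, nonce), tag):
            return "rejected: bad authenticator"
        if self.speed_kmh > 0:                      # assumption: cut-off only at standstill
            return "deferred: vehicle in motion"
        self.engine_enabled = False
        return "locked"

def demo() -> list:
    vin, key = "CONSTRUCTED-VIN-0001", secrets.token_bytes(32)  # constructed sample values
    ctl = HardenedController(key)
    out = [weak_lock(vin, vin)]                     # True: reading the frame is enough
    out.append(ctl.handle_lock(owner_tag(vin.encode(), ctl.new_challenge())))  # VIN as key
    ctl.speed_kmh = 25.0                            # genuine owner app, scooter moving
    out.append(ctl.handle_lock(owner_tag(key, ctl.new_challenge())))
    ctl.speed_kmh = 0.0                             # genuine owner app, scooter parked
    tag = owner_tag(key, ctl.new_challenge())
    out.append(ctl.handle_lock(tag))
    out.append(ctl.handle_lock(tag))                # same tag replayed
    return out

if __name__ == "__main__":
    print(demo())
```

The standstill interlock is the part that still helps under option 2, where the attacker drives the owner's own paired phone and therefore holds a valid key.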

Status:
The company didn't answer emails sent on:
29.07.2017
07.10.2017
The National Cyber Security Authority in Israel was notified, and no update has been given regarding proactive changes at the company.

Since the feature exists by design and is supposed to help prevent people from stealing the scooters, it is a logic security problem and not a typical mistake; they knew about it.

P.S.
1. I came to the VIN problem through informers who shared with me their fear of using those scooters, including a live demo they made on their device of how the scooter can be shut down remotely at high speed.

The idea of using Miracast or a Trojan horse and remotely controlling the owner's app is mine.

Since at least 3 other people knew about the problem before it came to my attention, I decided that I must share it now.

Moreover, my research shows that connected bikes and connected scooters are becoming very popular, so the community must pay more attention to engines with a remote kill switch.

I believe that the international ISO should form new working groups for those small vehicles. Protecting cars only can't cover the immediate situation in the streets; we need to make cyber regulation for the new era of mini connected electric vehicles.

You are welcome to contact me with any request.

Sources:


Video of the ECU and BT controller.

Android App


iOS app

User Guide Manual

Amitay Dan (popshark1)




Saturday, September 30, 2017

TeamViewer and Ninebot mini pro by Segway = All Terrain Connected Robots platform


Sometimes we need to create; hacking is part of it.
As some of you have realized, I've been testing many use cases of the Segway robot platform recently.

In Israel, UMI is launching the new Segway line these days, including what is called the Segway robot, and the Ninebot Plus.

The revolution is here, and so are the hackers :)

In my opinion, the robots are coming, and we had better join forces, secure them and find something good to do with them.

I have tried using the Segway at a wedding, as a party pal and as a dog trainer, and even tested it for feeding animals, understanding that it will help them hunt again and go back to nature.

I made my robot a navigator for blind people, replacing dogs; it was tested as a carrier in nature, and I had so much fun, mostly.

Some people tried to force me to shut it down; others tried to take it, or just talked to it like a dog.

Actually it's much better than Tinder, since it's a proactive magnet for girls with curiosity, so it's a win-win situation.

I made many people smile and think, many more than those who didn't like it.
In high-tech areas I got a less positive impression than in traditional ones, so basically people in Mea Shearim or Jaffa were mostly much more friendly than the people who are supposed to build our startup nation.

My ritual use is basically shopping; it's so great to have a robot that can carry 100kg.

However, I lost many things because of it. I fell down so many times and felt like going back 25 years, being a super active person with tons of creativity and imagination, so I like it, I like robots, and so many people around.

Some people told me that I'm insane; others said: wow, we want one of these.

These days I'm opening a new platform called RAAS - Robots As A Service under Cybermoon, my company.

I think robots can be used as the ultimate recon tool for hackers, and red teams worldwide can use them to simulate attacks.

According to my basic tests, Segway robots were built with security by design, but basically I'm addicted to it so I can't be objective; others will do this job this time.
I can say that limiting a password to numbers is something which has been seen before in other companies, and it is something to change.

The ability to make a DDoS attack is out there, and the Bluetooth connection should be changed to something stronger.

As long as a person is on the device, it's losing most of the abilities to control it, but some options are open.









Segway Robot



 Shopping time


 

First POC of using TeamViewer in lab mode

 


 Using TeamViewer in field operation





A wake up call - Last mile security

Due to my recent findings in a variety of automotive last-mile devices, I think we must wake up and start to secure the new era of transportation.

ISO standards are missing, and there is no regulation and no line of defense.
Governments are losing control, and there is no legal way to secure the streets.

People are buying exposed devices with an anti-theft mechanism which is in fact the best Trojan horse, a backdoor.

Others have full control of their bikes, and it's so cool that they don't see the side effect, the new risk.

A simple VIN number is all that is needed for some of the devices, and sometimes it's even shown in the SSID.

I like this revolution, I love robots, but we must do something before it is too late.

This is a black flag.

Some companies made good devices, but the number of wireless conversion kits out there, operated with BMS/RTU/PLC, must be taken care of ASAP.
 
 
Connected scooters
Connected Bike
Connected Robots
Connected OneWheel
Connected Skateboard
Connected Drones

I think the term Internet of Things is totally wrong; the focus should be on any wireless connection: WIFI/BT/BLE/2.4/GSM/GPS/etc.

The internet is not necessarily needed in order to deploy an attack. It's time to protect bikes and scooters.