Number of vulnerabilities found by IOActive security researcher.
Connected devices are a double-edged sword these days. The added convenience and functionality have to be weighed against the security concerns associated with unsecured networks and hacking. One researcher has just discovered that the latest vulnerable tech comes from high-end hoverboards by Segway.
This high-end hoverboard-slash-Segway combo is actually operated through a highly sensitive human interface while driving, relying on input from the driver’s balance, position, and even lower legs. As an added layer of connectivity, the user can also modify the device through its associated app, even allowing the user to “summon” the vehicle.
And in yet another example of “this is why we can’t have nice things”, security researcher Thomas Kilbride from IOActive discovered an alarming number of vulnerabilities that are too glaring and potentially dangerous to ignore. Among those were the ability to override the device without needing the security PIN, the publicly broadcast GPS coordinates that the app gives off for its “Find Riders Nearby” feature, and a lack of encryption that makes it possible to stage man-in-the-middle attacks. In what is admittedly a very what-if scenario, it’s possible that a hacker could locate your child’s device and actually summon it to him, or inject malicious code that overrode the user’s input and allowed the hacker to control the board. In theory, a hacker could even cause life-threatening injury to a rider by altering the direction, speed, and other factors during travel.
Patched, but questions remain
Fortunately, these flaws were discovered last year and Segway has issued the necessary patch, but it raises the question: why are so many connected devices reaching consumers only to have security researchers (or worse, hackers) discover all the ways the product can turn on you? The cultural meme about the toaster rising up and overthrowing its human owners is a silly joke, but the rush to get new devices onto store shelves means some companies aren’t thoroughly vetting their own handiwork.