14 DAY TRIAL // The popularity of electric scooters keeps increasing, and so is the interest hackers show for this new means of transportation, as cybercriminals groups see micromobility vehicles as potential targets for obtaining users’ personal data.
Research conducted by UTSA highlights the cybersecurity risks of electric scooters, as malicious actors can hijack them for a wide variety of activities, including spying on users.
For example, given the permanent connectivity between e-scooters and smartphones, which most often relies on Bluetooth Low Energy, hackers can intercept wireless communications and monitor the data exchange to obtain personal information.
High risk of data leaks
And because users very often provide a great deal of details when they sign up for an e-scooter service, cybercriminals could eventually be able to create profiles with highly sensitive data such as home and work locations, preferred routers, and personal interests.
“We’ve identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behavior and operation,” Murtuza Jadliwala, an assistant professor in the Department of Computer Science, explained.
E-scooter service providers themselves are at risk, as hackers can launch denial-of-service attacks or try to spoof GPS systems in an attempt to point users to a different destination. Using the hardware capabilities of an electric scooters, they can also spy on users while they ride the scooter.
Given the amount of personal information these companies collect, there’s a high risk of data leaks, the research warns.
“To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology,” Jadliwala noted.
The full findings of the study will be announced at AutoSec 2020 in March.