2 min read

A skateboard with Bluetooth? Yep, that can be hacked with FacePlant

Graham CLULEY

August 04, 2015

Ad One product to protect all your devices, without slowing them down.
Free 90-day trial
A skateboard with Bluetooth? Yep, that can be hacked with FacePlant

Two security researchers have revealed that they have found a way to hack into the Bluetooth controllers of electric skateboards, seizing control, and potentially sending their riders crashing to the ground.

Speaking to Wired, Mike Ryan and Richard “Richo” Healey, revealed that they first became interested in how easily electric skateboards might be hacked after Healey’s board became uncontrollable last year when he rode into an intersection in Melbourne, Australia.

The area, apparently, was well known for radio interference caused by a bombardment of Bluetooth devices all trying to communicate.

So, Healey hadn’t been hacked – his skateboard had just suffered an (accidental) denial-of-service attack. But his interest, and that of his fellow researcher Mike Ryan, had been piqued.

The two came up with an exploit they dubbed “Faceplant” – interrupting the Bluetooth Low Energy connection between the board and its handheld remote control, and then hijacking control to change direction, alter the speed or disable the brakes:

Because the Bluetooth communication is not encrypted or authenticated, a nearby attacker can easily insert himself between the remote and the app, forcing the board to connect to his laptop. Once he achieves this, he can stop the skateboard abruptly, ejecting the rider, send a malicious exploit that causes the wheels to suddenly alter direction and go in reverse at top speed, or disable the brakes. An attacker can also simply jam the communication between the remote and the board while a driver is on a steep hill, causing the brakes to disengage.

The exploit is demonstrated in the following YouTube video:

So far, the researchers have found a way of exploiting a vulnerability in the Boosted electronic skateboard, which sells for an eye-watering $1500, as well as a board made by Revo. A further exploit named “Road Rash” is in the works for the Chinese manufactured E-Go board.

It appears that the electronic skateboard manufacturers have failed to properly secure the communications between the boards and the handheld controllers – with no encryption or authentication being used.

So, if you aren’t a skateboarder should be concerned about this?

Well, aside from the risk that you might be a passer-by or motorist who is hit by a tumbling skateboarder, there *are* other reasons to be concerned.

Because news of this skateboard hack is just the latest in a long line of hacks that are increasingly highlighting the weakness of the Internet of Things.

Wearable fitness trackers, sniper rifles, and even Jeeps driving at 70mph down a busy highway have all been found vulnerable to hackers in the last few weeks.

How many other manufacturers are rushing to connect their devices up to the internet, with little care or thought to the possible security implications?

tags


Author



Right now

Top posts

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

Enhance your cyber resilience and privacy on Computer Security Day in four easy steps

November 29, 2022

2 min read
How to monitor your online privacy during your Thanksgiving trip

How to monitor your online privacy during your Thanksgiving trip

November 22, 2022

3 min read
Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

Just your yearly dose of Black Friday spam: Cybercrooks get ahead of the game to steal shoppers’ info

November 16, 2022

6 min read
Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

Bitdefender VPN in 2022: the new, the improved, and the soon-to-be

November 14, 2022

5 min read
Cyber Tips for a Spook-Free Halloween

Cyber Tips for a Spook-Free Halloween

October 26, 2022

3 min read
August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August Spam Debrief: Bitdefender Labs Warns of Fraud Campaigns Exploiting the Russia-Ukraine War

August 31, 2022

4 min read

FOLLOW US ON

SOCIAL MEDIA


You might also like

Hacking cars remotely with just their VIN Hacking cars remotely with just their VIN
Graham CLULEY

December 05, 2022

2 min read
Russian courts attacked by CryWiper malware that poses as ransomware Russian courts attacked by CryWiper malware that poses as ransomware
Graham CLULEY

December 05, 2022

2 min read
Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts Android App in Google Play Store Was Harvesting SMS Messages Helping Criminals Create New Accounts
Silviu STAHIE

December 02, 2022

1 min read