SAN ANTONIO — E-scooters for easy urban travel have become immensely popular over the past few years, popping up in essentially every major city in the United States. The growing trend of commuters and others zipping in and out of traffic has already led to some concerns regarding pedestrian safety, but now a new study has revealed another problem posed by the rise of e-scooters. Researchers from the University of Texas an San Antonio say that the very technology that makes these scooters so convenient is also very susceptible to potential hacks and data breaches.
The study’s authors predict hackers could potentially carry out a variety of attacks, including eavesdropping on riders, taking control of GPS systems to direct scooter users to different locations, denial of service attacks, and data theft.
“We were already investigating the risks posed by these micromobility vehicles to pedestrians’ safety. During that study, we also realized that besides significant safety concerns, this new transportation paradigm brings forth new cybersecurity and privacy risks as well,” comments study author Murtuza Jadliwala, an assistant professor in the UTSA Department of Computer Science, in a release.
“We’ve identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behavior and operation,” Jadliwala says.
Many current e-scooter models communicate with riders’ smartphones via a Bluetooth Low Energy channel. It’s entirely plausible a person with malicious intentions could access those wireless channels and view data exchanges between the scooter and riders’ smartphone app. All things considered, this can be accomplished rather easily and cheaply using readily available software and tools like Ubertooth and WireShark.
Furthermore, the majority of people who sign up to use e-scooters end up handing over a variety of sensitive, personal data besides simple billing information. Most e-scooter companies automatically collect data such as location and individual vehicle information. All of that data could potentially be pieced together to formulate an individual rider profile encompassing a person’s typical daily preferred route, interests, and the location of both their home and workplace.
“Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion,” Jadliwala concludes. “To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology.”
The study is set to be presented at the proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec 2020).