Hackers can gain full control over Xiaomi electric scooter, security group finds

Ben Tobin

Corrections & Clarifications: An earlier version of this story misspelled the name of the research group supplying the report.

Electric scooters have been popping up across the nation, creating issues with local officials and pedestrians

Now, some of those scooters may be hackable, adding to the list of potential issues, according to a report from Zimperium, a security research group.

The group found the Xiaomi M365 electric scooter, used by several companies, has a defect in which hackers can take complete control of the vehicle, including the ability to suddenly accelerate or brake the devices. 

Zimperium, which reported the flaws to Xiaomi, said the cause is passwords "not being used properly as part of the authentication process."

The Xiaomi electric scooters.

"The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state," the company said in a statement. "Therefore, we can use all of these features without the need for authentication."

Through accessing the scooter via Bluetooth communications, the researchers at Zimperium could tinker with the scooters' anti-theft systems, cruise-controls, eco modes and firmwares. 

Xiaomi didn't immediately respond to USA TODAY's request for comment.

Scooter solutions: What to do about scooters? Officials work on solutions as problems go on

Safety concerns: Are scooters safe? Government scientists study health risks as scooters descend on cities

Follow USA TODAY intern Ben Tobin on Twitter: @TobinBen

This article originally appeared on USA TODAY: Hackers can gain full control over Xiaomi electric scooter, security group finds