Reverse engineering my cloud-connected e-scooter and finding the master key to unlock all scooters

10 points by jummo


colonelpanic

The scooter does not have a manual start-stop function. Starting and stopping, unlocking the battery tray, setting it into transport mode, etc. is all done via their app.

Bravo on reverse-engineering this, but also: let's never give people who do this money if we can absolutely help it. That is insane.

downrightnifty

Bird's rental scooters suffered from essentially the same issue: a hardcoded encryption key shared between all units [1]. It was slightly less bad in their case due to the fact that nobody outside of the company and its contractors was ever really supposed to have prolonged, private access to the scooter. But, of course, hackers eventually got ahold of it.

[1] Technically only half of the key is hardcoded, but the other half is computed from information that can be queried directly from the scooter without authentication.