The exploit relates to an issue with the Bluetooth module on the scooter that is designed to let the device communicate with a rider’s smartphone. The researchers were able to connect with a scooter via Bluetooth without being prompted for a password or any other form of identification. Once connected, the researchers found that they could control the scooter from their phone, telling it to slow down or speed up regardless of what the rider was doing, potentially putting them in a dangerous situation. They also discovered it was possible to upload malware to the machine.
Making matters even worse, after Zimperium reported the bug to Xiaomi, the company informed the researchers that they can’t fix the issue on their own. The company got the Bluetooth implementation module used on the M365 model scooter from a third-party developer and will have to work with that firm to fix the issue. Until then, the M365 scooters will remain at risk of falling victim to Bluetooth hijacking.