Nav: Home

The great e-scooter hack

January 27, 2020

(San Antonio -- January 27, 2020) Micromobility vehicles, such as e-scooters, zip in and out of traffic. In San Antonio alone, over 12,000 scooters are on the road. For this reason, micromobility is seen as an alleviating trend to help tackle traffic congestion.

However, new research out of UTSA finds e-scooters have risks beyond the perils of potential collisions. Computer science experts at UTSA have published the first review of the security and privacy risks posed by e-scooters and their related software services and applications.

"We were already investigating the risks posed by these micromobility vehicles to pedestrians' safety. During that study, we also realized that besides significant safety concerns, this new transportation paradigm brings forth new cybersecurity and privacy risks as well," noted Murtuza JaAccording to the review, which will soon appear in the proceedings of the 2nd ACM Workshop on Automotive and Aerial Vehicle Security (AutoSec 2020), hackers can cause a series of attacks, including eavesdropping on users and even spoof GPS systems to direct riders to unintended locations. Vendors of e-scooters can suffer denial-of-service attacks and data leaks.

"We've identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micromobility, ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders' private data to causing economic losses to service providers and remotely controlling the vehicles' behavior and operation," said Jadliwala.

Some e-scooter models communicate with the rider's smartphone over a Bluetooth Low Energy channel. Someone with malicious intent could eavesdrop on these wireless channels and listen to data exchanges between the scooter and riders' smartphone app by means of easily and cheaply accessible hardware and software tools such as Ubertooth and WireShark.

Those who sign up to use e-scooters also offer up a great deal of personal and sensitive data beyond just billing information. According to the study, providers automatically collect other analytics, such as location and individual vehicle information. This data can be pieced together to generate an individual profile that can even include a rider's preferred route, personal interests, and home and work locations. Jadliwala, an assistant professor in the Department of Computer Science who led this study.

"Cities are experiencing explosive population growth. Micromobility promises to transport people in a more sustainable, faster and economical fashion," added Jadliwala. "To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cybersecurity and privacy threats enabled by this new technology."
-end-
This study was produced in UTSA's Security, Privacy, Trust and Ethics in Computing Lab, which was also behind the recent publication on how smart bulbs can be hacked. The lab is dedicated to examining privacy and security issues in ubiquitous devices.

The micromobility e-scooter analysis was conducted by Jadliwala alongside graduate students Nisha Vinayaga-Sureshkanth, Raveen Wijewickrama and postdoctoral fellow Anindya Maiti.

UTSA is ranked as one of the top 6 young universities in the nation, according to Times Higher Education. UTSA is also home to the National Security Collaboration Center, which is tasked with tackling the nation's largest security threats.

University of Texas at San Antonio

Related Cybersecurity Articles:

Computer scientists' new tool fools hackers into sharing keys for better cybersecurity
Instead of blocking hackers, a new cybersecurity defense approach developed by University of Texas at Dallas computer scientists actually welcomes them.
Cultural differences account for global gap in online regulation -- study
Differences in cultural values have led some countries to tackle the specter of cyber-attacks with increased internet regulation, whilst others have taken a 'hands-off' approach to online security -- a new study shows.
Study finds companies may be wise to share cybersecurity efforts
Research finds that when one company experiences a cybersecurity breach, other companies in the same field also become less attractive to investors.
$4.6 million award creates program to train cybersecurity professionals
A five-year, $4.63 million award from the National Science Foundation will enable a multi-disciplinary team of researchers at the University of Arkansas to create a program to recruit, educate and train the next generation of cybersecurity professionals.
First cyber agility framework to train officials developed to out-maneuver cyber attacks
To help train government and industry organizations on how to prevent cyberattacks, as part of a research project for the US Army, scientists at The University of Texas at San Antonio, developed the first framework to score the agility of cyber attackers and defenders.
Cyber of the fittest: Researchers develop first cyber agility framework to measure attacks
The framework proposed by the researchers will help government and industry organizations visualize how well they out-maneuver attacks over time.
Army researchers identify new way to improve cybersecurity
Researchers at the US Army Combat Capabilities Development Command's Army Research Laboratory, the Army's corporate research laboratory also known as ARL, and Towson University may have identified a new way to improve network security.
How susceptible are hospital employees to phishing attacks?
A multicenter study finds high click rate for simulated phishing emails, potential benefit in phishing awareness training.
A Georgia State cybersecurity study of the dark web exposes vulnerability to machine identities
A thriving marketplace for SSL and TLS certificates -- small data files used to facilitate confidential communication between organizations' servers and their clients' computers -- exists on a hidden part of the Internet, according to new research by Georgia State University's Evidence-Based Cybersecurity Research Group (EBCS) and the University of Surrey.
Army scientists revolutionize cybersecurity through quantum research
Army scientists have found a novel way to safeguard quantum information during transmission.
More Cybersecurity News and Cybersecurity Current Events

Trending Science News

Current Coronavirus (COVID-19) News

Top Science Podcasts

We have hand picked the top science podcasts of 2020.
Now Playing: TED Radio Hour

Listen Again: The Power Of Spaces
How do spaces shape the human experience? In what ways do our rooms, homes, and buildings give us meaning and purpose? This hour, TED speakers explore the power of the spaces we make and inhabit. Guests include architect Michael Murphy, musician David Byrne, artist Es Devlin, and architect Siamak Hariri.
Now Playing: Science for the People

#576 Science Communication in Creative Places
When you think of science communication, you might think of TED talks or museum talks or video talks, or... people giving lectures. It's a lot of people talking. But there's more to sci comm than that. This week host Bethany Brookshire talks to three people who have looked at science communication in places you might not expect it. We'll speak with Mauna Dasari, a graduate student at Notre Dame, about making mammals into a March Madness match. We'll talk with Sarah Garner, director of the Pathologists Assistant Program at Tulane University School of Medicine, who takes pathology instruction out of...
Now Playing: Radiolab

What If?
There's plenty of speculation about what Donald Trump might do in the wake of the election. Would he dispute the results if he loses? Would he simply refuse to leave office, or even try to use the military to maintain control? Last summer, Rosa Brooks got together a team of experts and political operatives from both sides of the aisle to ask a slightly different question. Rather than arguing about whether he'd do those things, they dug into what exactly would happen if he did. Part war game part choose your own adventure, Rosa's Transition Integrity Project doesn't give us any predictions, and it isn't a referendum on Trump. Instead, it's a deeply illuminating stress test on our laws, our institutions, and on the commitment to democracy written into the constitution. This episode was reported by Bethel Habte, with help from Tracie Hunte, and produced by Bethel Habte. Jeremy Bloom provided original music. Support Radiolab by becoming a member today at Radiolab.org/donate.     You can read The Transition Integrity Project's report here.