All the governments including the Indian are planning to introduce more and more e-scooters into the market to curb pollution. But the researchers found out a major hacking issue with these scooters similar to that of any internet-connected devices. The hackers can cause attacks to the users like eavesdropping on the user data or spoof the GPS system to make the rider confused with the routes and take them to a different destination. The Micro mobility service vendors can face data leakage and denial of service. This was found by the researchers of the University of Texas, San Antonio.
These findings have come out at a time when the global e-scooter market is projected to grow at a Compound Annual Growth Rate (CAGR) of 9.01 percent to reach an amount of $38.6 billion by the year 2025 from an estimated amount of $21.1 billion in 2018 according to the markets and markets research firm.
Research on the hacking issue is conducted by Professor Murtuza Jadliwala, Computer Science, University of Texas, along with graduate students Nisha Vinayaka- Sureshkanth, Raveen Wijewikrama and post-doctoral student Anindya Maiti.
Jadliwala said that “We have identified and outlined a variety of weak points or attack surfaces in the current ride-sharing, or micro-mobility, the ecosystem that could potentially be exploited by malicious adversaries right from inferring the riders’ private data to causing economic losses to service providers and remotely controlling the vehicles’ behavior and operation”.
They have published the first draft of their research results about the privacy and security risks posed by the e-scooters and the software services and applications related to them.
The e-scooters communicate with the rider’s smartphones via Bluetooth through a low energy channel. These wireless channels can be hacked and antisocial hackers can eavesdrop into the riders data exchanges with the scooter. They can access the smartphone app of the rider using easily available software like Ubertooth and Wireshark.
Personal information provided by the users during the signing up process will be leaked and later, other analytics like ride information and location can be accessed by the hackers.
These bits and pieces can be combined to get the persons intended riding locations, home address, work address, vehicle information, etc.
“To ensure that this industry stays viable, companies should think not only about rider and pedestrian safety but also how to protect consumers and themselves from significant cyber-security and privacy threats enabled by this new technology” the researchers noted.