E-spoofer: attacking and defending Xiaomi electric scooter ecosystem

Casagrande, Marco; Cestaro, Riccardo; Losiouk, Eleonora; Conti, Mauro; Antonioli, Daniele
THCon 2024, Toulouse Hacking Convention, 4-5 April 2024, Toulouse, France

Users connect and manage their Xiaomi e-scooter over Bluetooth Low Energy (BLE) through the Mi Home mobile app. We reverse-engineer the four iterations of the Xiaomi proprietary protocol spoken over BLE and exploit six vulnerabilities to break security, privacy, and safety. We develop four proximity and remote attacks that we call Malicious Pairing and Session Downgrade. As a result, we are able to unlock software-locked e-scooters (and steal them) or prevent access to the e-scooter via Mi Home. We evaluate three e-scooters and five BLE subsystems using our open-source toolkit, and we fix the attacks by proposing two practical countermeasures.


Type: Talk
City: Toulouse
Date: 2024-04-04
Department: Digital Security
Eurecom Ref: 7640
Copyright:
© EURECOM. Personal use of this material is permitted. The definitive version of this paper was published in THCon 2024, Toulouse Hacking Convention, 4-5 April 2024, Toulouse, France and is available at:

PERMALINK: https://www.eurecom.fr/publication/7640