When Segway was introduced, it was described as revolutionary, the vehicle that would change transportation forever. The hype machine was off the charts. And it should be no surprise that with so much fanfare and eager anticipation…well the poor Segway could hardly live up to the expectations. It was one of the bigger duds of the decade.
Something like a transportation device should be handled with the utmost care and security, because somebody could be thrown off of it or seriously injured if an attacker decides that they want to hack it.
Still, the self-balancing two-wheeled personal vehicle found a place in the world, primarily on tourist promenades at beachside resorts. Not too many people seem interested in Segway as a commuter vehicle, but tourists around the world will don helmets and kneepads and cautiously follow a trusty guide down the sidewalk.
Since there is a certain silliness factor to this, many people took great pleasure when it was discovered that the new app that could program and drive a Segway like a drone, could be hacked.
Not only could it be hacked, it was darn easy to do. And worse, it can be hacked while a person is riding on it.
Some people find that pretty funny.
But of course, it really isn’t funny at all. Nobody wants their ride hijacked, even if it is a Segway. One really has to wonder what Segway was thinking putting out software with such weak security? Somebody could get hurt, and bad.
Segway’s MiniPro comes with a mobile application for driving, and was reportedly hacked by Thomas Kilbride. He claimed he was shocked at how easy it was.
The Segway MiniPro was supposed to be a big step forward. It had greater range, being able to travel up to 14 miles on a single charge at 10 miles per hour. But the big kicker was that you could run it from your phone, with that nifty app. The app let Segway riders and owners:
- Control the scooter remotely
- Shut the scooter down
- Locate other Segway MiniPros in the area with a social GPS tracker
- Use Bluetooth capabilities that connect to the scooter.
- Change the settings of the ride and accept firmware updates.
Kilbride claims that the features have weak security codes that can be used by attackers to bypass the user’s safety.
According to Kilbride, “I was surprised that the exploits were as accessible as they were. Something like a transportation device should be handled with the utmost care and security, because somebody could be thrown off of it or seriously injured if an attacker decides that they want to hack it.”
Weak Security System for Segway MiniPro
Because of his curiosity, Kilbride pointed out the flaws in the MiniPro’s mobile application.
- The app’s user PIN number was not being used for authentication at all times.
- The software update platform of the application did not have a mechanism in place.
The vulnerabilities that Kilbride discovered had alarmed a lot of companies and manufacturers that are offering technology. One specific market that could greatly be affected are the driverless cars.
It has happened before, in 2015, Chris Valasek and Charlie Miller, both hackers, took control of a Jeep Cherokee’s UConnect system. The system was an internet-connected computer feature that commands everything from the driver’s ability to make calls to the car’s navigation system.
Like the Segway, the system was believed to be secure, until it wasn’t.
The Segway hack should send off some alarm bells. While there is a lot of enthusiasm for self-driving cars all across the country, they are going to have to be safe and secure, and hack proof.
And that isn’t as easy as one would imagine. Self-driving cars need to communicate constantly with the outside world, without long lag times. The tighter the security, the slower the connection and communication. So building a car that can sense and respond to its location while rolling along at 65 mph isn’t going to be an easy task. Combine that with the need for lots of encryption and security, and it just got harder by several orders of magnitude.
Maybe the Segway hack was just a one-off error. Or maybe it is a wake-up call to those who are promoting the idea of self-driving cars for everyone. For the technology to be great, it also has to be safe and secure.
Segway going off the rails, not such a scary thought, but your average Suburban or Escalade, that gets a bit trickier for all involved. The greatest challenge for self-driving vehicles might actually come back to security and safety.
In order to secure self-driving vehicles, it comes at a price. This is a matter of whether how much car makers are willing to pay for a better security.