At this point, it feels like everything that can be hacked, will be hacked: Computers, phones, industrial systems, cars, baby monitors, and now... electric skateboards.
Security researchers Richo Healy and Mike Ryan developed an electric skateboard exploit they call, amusingly enough, FacePlant. The hack allows them to completely take control of a $1500 Boosted e-skateboard. They also found vulnerabilities in Revo and E-Go skateboards but haven’t completed exploits just yet.
The hack works by hijacking the skateboard’s unencrypted Bluetooth controls. Once they take over the board with a laptop, the rider is at their mercy:
Once he achieves this, he can stop the skateboard abruptly, ejecting the rider, send a malicious exploit that causes the wheels to suddenly alter direction and go in reverse at top speed, or disable the brakes. An attacker can also simply jam the communication between the remote and the board while a driver is on a steep hill, causing the brakes to disengage.
Healy and Ryan also found a way to override the top speed limits on electronic boards by remotely installing new firmware. For example, they can make targeted Boosted board fly past its built-in 25 mile-per-hour speed limit. Indeed, the firmware exploit gave the researchers a disturbingly free reign to send someone on a wild ride, as Ryan told Wired:
“Once you have the ability to write arbitrary firmware, you can change the top speed, change the minimum speed, make the board refuse to stop and ignore the existence of the [remote] controller,” says Ryan. And after overwriting the firmware, the skateboard owner would have to refresh the firmware to regain control of the board.
It’s a sobering reminder that most “smart” gear you buy is vulnerable in some way to hackers.