Even skateboards can be hacked

It seems even the humble skateboard isn’t immune to hacking, as The Register reports that the ‘Boosted’ brand of electric skateboards has been compromised by a pair of hackers.

Boosted boards contain a small motor to speed them up while going down hills, and to assist with climbs, with an app controlling the motor over Bluetooth. But Richo Healey and Mike Ryan discovered a method of blocking the Bluetooth signal between the board and the controller, which could then force it to be paired with a laptop.

In short, this meant the board could be taken over while moving, which could lead to dangerous side-effects for the person riding the board.

The hack was demonstrated at the Kiwicon conference, where a script was written to make the board buck around, with brave delegates encouraged to ride the hacked board.

Speaking to The Register, Healey explained the possible consequences of the hack. “At places like traffic lights where you definitely know people are going to stop you could just nab a skater as they go past. The attack would absolutely land within 30 seconds, and possibly 10.”

The hack could be automated using scripts, the pair said, meaning that an attacker could target the board just by carrying a laptop around. “The simplest way to do this would be to get something that generates a whole lot of noise on the 2.4Ghz spectrum to disconnect the controller,” Ryan explained.

Boosted was alerted to the exploit, and has issued a firmware fix with the pair’s assistance. But even without a fix in place, Ryan doesn’t believe the hack would have much real-world use: “You could realistically use this as a means to target someone, but you could also just hit them with a car.”

Author , ESET

  • Andrew

    Is it normal my Eset quarantined Win32/Shutdowner.NAL trojan? I mean is it only a potentially unwanted application or a real trojan. It comes from C:Users…..AppDataLocalTempsvchost.exe

    I have a lot of svchost.exe in my task manager running processes (sometime like 12 svchost.exe) I don’t know why.

    Can you explain to me please what’s that svchost.exe process and that Shutdowner. NAL trojan?

    Thank you

    • Hi Andrew,

      Win32/Shutdowner is a trojan and not a PUA. Actually, a small script that shutdowns the PC if the ESET process wouldn’t be active.

      The svchost.exe is a windows process to share dll’s with other applications, as windows was moving EXEs to DLLs to take a chance on reusability. However, the operating system cannot run a DLL by itself so uses this svchost process to do so. Since having every process sharing the same svchost could be risky, becuase if it fails, all the programs will fail, then the OS uses groups. So, you can check by using “tasklist /SVC” command in a prompt to see what services are used in every svchost and kill them if not needed.

      In case you think this file should not be detected you can send the sample to us for further analysis: http://kb.eset.com/esetkb/index?page=content&id=SOLN141&actp=search&viewlocale=en_US&searchid=1420448314673

      Regards,
      Raphael

Follow us

Copyright © 2016 ESET, All Rights Reserved.