xiaomi m365
xiaomi m365 scooter

We live in a time when we have to be vigilant about our personal data getting hacked, and potentially be used in ways that aren’t necessarily in our best interest. Think about it for a moment though. How much personal information you give to a company – any company – is essentially there for the taking. We know that even if companies have policies in place to prevent their data from getting hacked, it’s not necessarily a sure thing. From Equifax to Facebook, to Marriott – we as consumers need to be vigilant about where we are sharing our data and with whom we are sharing our data.

Of course we should be concerned about our own private data getting hacked, but should we also be concerned about other potential hacks? The answer is a big fat yes. Researches at mobile security firm Zimperium have discovered a bug in the Xiaomi M365 scooter that could allow a hacker to remotely access the device. Once they have taken over the device, the hacker can make the scooter accelerate or brake without the riders input. When I first heard this, I thought it was a tale from a movie, but this seems to be a legitimate concern. This, of course, begs two questions – who would want to hack a scooter, and was this bug planted with intention? Meaning, did the Xiaomi put the bug in the scooter to have some kind of nepharious control over the scooters?


I ask this question because of how the president reacted to Huawei with the notion that they were listening in on the conversations of U.S. residents. Which isn’t a far leap from Xiamoi, which also happens to be a Chinese based company. While neither claim has been proven to be true, I wanted to put this out there for consumption, even though, I don’t think it’s a plausible one. That said, the exploit in the software relates to an issue with the Bluetooth module on the scooter that is designed to let the device communicate with a rider’s smartphone. Researchers were able to connect with a scooter via Bluetooth, without being prompted for a password or any other form of identification.

Once connected, the researchers found that they could control the scooter from their phone. They were able to tell it to slow down or speed up, regardless of what the rider was doing. This was potentially putting riders in a dangerous situation. They also discovered that it was possible to upload malware into the scooter. All of this is quite scary and makes you wonder what else we are going to start seeing getting hacked.

What might be even scarier is that once Zimperium reported the bug to Xiaomi, they informed the researchers that they can’t fix the issue on their own. The company is using a third party developer module on the M365 scooter and will have to work with that company in order to fix the issue. Until then, these scooters will remain at risk of being a victim to Bluetooth hacks, so be careful. Maybe Elon Musk’s theory about the robot uprising isn’t so crazy afterall?