- Yes! And it turns out you know each other?
— We studied together and knew each other from university.
— Can you explain in more detail what the matter is here?
— Easy. Passwords required for authentication in the scooter system are used incorrectly, since they are checked only on the application side. The scooter itself does not monitor the authentication process, which leads to a serious bug — all commands can be executed without the need to enter a password.
— Have you posted the code of the application estonia mobile database the vulnerability anywhere?
- Johann, do I look like an idiot? There were three of us working on the hacking app. Me and two of my subordinates. One of them is on vacation now, but as far as I know, he hasn't left town.
- I see! For all of you, you were at the doctor's today. Here's a certificate from the hospital. You understand that it's better to keep your visit to us a secret for now.
- Understand.
- Boss, Karl invites you to the meeting room.
— Chief, look, here are the shots from three cameras near the scene. And here are the numbers of the smartphones that were near the scene at that moment. Now look. You see, the man is holding the smartphone in his hand and doing something on the screen. And then he quickly leaves.
— Were you able to recognize him?
- Yes. This is an employee from company Z - the one who was said to be on vacation.
— Give his name to the police and ask them to bring him to us.
An hour later, the car accident case was closed. It was indeed a premeditated murder.
Unfortunately, this is not a fairy tale. Xiaomi M365 electric scooters are vulnerable - the security problem in these vehicles was discovered by expert Reni Idan from the company Zimperium, which sells exploits. The gap is so serious that it can allow an attacker to remotely control the electric scooters - to suddenly brake or accelerate the vehicle.