Security Affairs
Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|Ernst & Young (EY) Investigates Data Breach Involving Third-Party Support Tickets|A cyberattack hit Nichirei, one of Japan’s largest food companies|New Russian Campaign Uses Fake Webex and Zoom Installers to Deploy Starland RAT|U.S. CISA adds KNX Association KNX Protocol Connection Authorization Option 1 and Oracle flaws to its Known Exploited Vulnerabilities catalog|Two Scattered Spider Members Sentenced to Prison Over £29 Million TfL Cyberattack|TuxBot v3: The IoT Botnet Built With AI – Bugs, Disclaimers and All|Claude Code and DeepSeek Powered Chinese Cyber Espionage Campaign|Zoom Fixes CVE-2026-53412, a Critical Account Takeover Bug|US and allied Governments’ Recommendations: Securing Network Devices Against Russian APT Groups|Chaotic Eclipse Unveils LegacyHive Exploit Affecting Fully Patched Windows Systems|AsyncAPI npm Supply Chain Attack: Malware Injected Into Packages With 2 Million Weekly Downloads|U.S. CISA adds SonicWall and Microsoft flaws to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

How to hack a Segway Ninebot miniPRO hoverboard in 20 seconds

Attackers could remotely hack and hijack Ninebot miniPRO hoverboard in just 20 seconds of continuous Bluetooth connection. Do you have an hoverboard? This news will probably surprise you because according to the experts at security firm IOActive, your hoverboard could be hacked too. The security researcher Thomas Kilbride from IOActive has found several critical vulnerabilities in […]

Segway Ninebot miniPRO hoverboard

Attackers could remotely hack and hijack Ninebot miniPRO hoverboard in just 20 seconds of continuous Bluetooth connection.

Do you have an hoverboard? This news will probably surprise you because according to the experts at security firm IOActive, your hoverboard could be hacked too.
The security researcher Thomas Kilbride from IOActive has found several critical vulnerabilities in Segway Ninebot miniPRO hoverboard. The vulnerabilities could be exploited by a remote attacker to take “full control” over the hoverboard within range-

The Segway Ninebot miniPRO is a high-speed, self-balancing, two-wheel, hands-free electric scooter. It is very sophisticated and allows riders to control the hoverboard by a mobile app.

The mobile app allows owners to perform a number of activities with their hoverboard such as adjust light colors, set anti-theft alarms, and even remotely control the movement of the Segway Ninebot miniPRO scooter.

“Using reverse engineering and protocol analysis techniques, I was able to determine that my Ninebot by Segway miniPRO (Ninebot purchased Segway Inc. in 2015) had several critical vulnerabilities that were wirelessly exploitable. These vulnerabilities could be used by an attacker to bypass safety systems designed by Ninebot, one of the only hoverboards approved for sale in many countries.” wrote Kilbride.

Segway Ninebot miniPRO hoverboard hack

Kilbride told Forbes, that an attacker just needs 20 seconds of Bluetooth connection to hack the hoverboard remotely.

“Attacks could be carried out with just 20 seconds of continuous Bluetooth connection to a Segway hoverboard, said IOActive researcher Thomas Kilbride. “It may be sped up using other means,” he told Forbes. “It’s a little bit alarming.” Not only would it be possible to kill the motor mid-drive, but it’d be simple to steal a miniPRO too, as seen in his demonstration video below.”

Below the vulnerabilities discovered by the expert:

  • Security PIN Bypass — Rider don’t need a PIN (Personal Identification Number) to establish a connection to the device. An attacker can use the modified version of the Nordic UART app to connect Segway Ninebot miniPRO via Bluetooth without providing the security PIN.
  • Lack of encryption for the communications — The communication between the Ninebot App and the Hoverboard leverages an unencrypted channel, this means that attackers can perform man-in-the-middle attacks and inject malicious payloads.
  • Lack of Firmware Integrity Verification — The hoverboard did not implement any integrity checks on firmware images before applying them.
  • Leakage of GPS Location of Nearby Riders — The “Rider Nearby” GPS feature in Ninebot App which lets users locate other nearby miniPro riders in the real-time, exposes the hoverboard position through the phone’s GPS.
Thomas published a video PoC of the attack against the hoverboard demonstrating how he was able to push the malicious firmware update to the miniPro.

The flaws were fixed by Ninebot in April this year.

[adrotate banner=”9″]

Pierluigi Paganini

(Security Affairs – Segway Ninebot miniPRO, hoverboard, hacking)

[adrotate banner=”13″]