Ransomware, Tracking, DoS, and Data Leaks on Xiaomi Electric Scooters

Black Hat USA 2025 · Day 1 · Briefings

Researchers from EURECOM and KTH demonstrated five novel attacks on Xiaomi electric scooters (Mi 3 and M365 models) using a technique called eTrojans. By flashing unsigned, unencrypted firmware over Bluetooth Low Energy, an attacker can physically damage the scooter's lithium battery via dangerous overvoltage or undervoltage, deploy the world's first e-scooter ransomware, track users via internal hardware fingerprints, perform denial-of-service on internal UART communications, and leak hashed user passwords. All of these are possible from wireless proximity, using a laptop or a malicious app installed on the victim's phone.

AI review

Academic researchers built the first e-scooter ransomware and demonstrated remote overvoltage battery destruction — 4.9V on cells rated to 4.2V, 0V drain in 3.5 hours, 50% permanent capacity reduction — via unsigned BLE firmware updates and a three-chip attack chain that Xiaomi shipped for years with no authentication. The physical safety dimension makes this more than a consumer IoT story.
