Zero Days: Electric Motorcycles Are a Security Nightmare
7 hours ago
- #Firmware Vulnerabilities
- #Electric Vehicles
- #Cybersecurity
- Zero Motorcycles' electric motorcycles have significant security vulnerabilities due to their newness and lack of scrutiny.
- Researchers bypassed authentication, signed arbitrary firmware, and identified potential for malicious firmware.
- Physical hardware analysis was hindered by Zero's security measures, including resin-encased PCBs.
- The Zero Motorcycles Android app contained hardcoded credentials and lacked proper authentication checks.
- Firmware updates were vulnerable due to static SHA-512 hashing with a hardcoded salt.
- Researchers demonstrated the ability to inject malicious firmware via Bluetooth and CAN bus connections.
- Potential attacks include remote control via cellular modems, disabling safety features, and causing physical harm.
- Disclosure attempts to Zero Motorcycles were ignored for over a year before partial fixes were implemented.