Abstract

Nowadays, smart cars are equipped with a lot of sensors to make cars smarter which can take decisions automatically or logic written in ECU.

But in the same way, motorcycles and scooters become smart and work on electricity. Scooters are becoming smarter and smarter than traditional one which works on gasoline. Intelligent scooters work on usually on one or two ECUs depending on the working style. No one focuses on the smart scooter yet from per cybersecurity standpoint.

In this talk, we will talk about those vulnerabilities that can affect working mechanisms and functional safety standpoints. Our target is Indian OEM, who sold out more than 1,50,000 in the year and sold out more. The same vulnerabilities can be found in all sold-out e-scooters, We will demonstrate the attack where we took control of an e-scooter with the help of a hardware implant attack. The devices used in this research are cost-effective.

The best part of this research talk, we are not only focusing on only attack part but also on TARA which can be beneficial for Automotive and IoT representatives, cybersecurity experts, and manufacturers.

In this research, we reverse-engineered all functionality of e-scooters with respect to Canbus messages and Safery functionality implemented in e-scooters. Main functionality such as acceleration and Deacceleration, side indicator, breaking mechanism, and so on. After reverse engineering of physical e-scooter, we made our hardware implant to set up inside the scooter and we controlled the entire scooter with the help of identified vulnerabilities. We can stop the scooter while driving the scooter remotely. It is a functionality and safety function flaw we found in the scooter itself. We also attacked other models of e-scooter resulted in the same conclusion. We also performed the TARA report on the e-scooter level as per ISO21434 standard and we found some serious risks, these attacks are derived from the TARA report.