Hardware Backdooring an eScooter

By Arun Mane on 24 Aug 2023 @ Hitbsecconf
#reverse-engineering #ics-security #automotive-cybersecurity
Focus Areas: 🏭 Industrial Control Systems Security, 🦠 Malware Analysis

Presentation Material

Abstract

In this talk, we are going to talk about ECU vulnerabilities in e-scooters. Our target is an Indian OEM, though similar or same vulnerabilities can be found in other e-scooters. We are going to demonstrate the attack where we took control of an e-scooter with the help of a hardware implant attack. The devices used in this research are cheap to make and cost-effective.

We will show you how we reverse-engineered all functionality of the e-scooter with respect to CANBUS messages and created a hardware implant to install inside the scooter allowing remote access.

Our talk covers:

AI Generated Summary

This research investigates the security of electric scooters, focusing on vulnerabilities within their Controller Area Network (CAN) bus systems. Inspired by prior attacks on connected cars, the study examines the rapidly growing Indian electric scooter market, where vehicles increasingly incorporate telematics and infotainment systems that expand the attack surface.

The talk details the typical architectures of electric scooters, ranging from single-ECU systems to more complex multi-ECU setups with separate infotainment units. Communication between these electronic control units (ECUs) occurs over the CAN bus, where messages are prioritized by transmission frequency (e.g., 250ms for critical functions like braking). Through physical reverse engineering, researchers identified CAN high/low wires, intercepted traffic, and mapped specific arbitration IDs to vehicle functions such as motor control, battery status, and error alerts.

Key findings reveal that several safety-critical CAN messages lack proper authentication. Attackers can spoof or replay messages like “battery low” or “scooter issue going to halt” to abruptly disable the motor, even while in motion. Demonstrated attacks include CAN injection, fuzzing, and a bus-off attack that jams the entire network. A low-cost hardware implant (approximately $15 using an Arduino and CAN transceiver) was physically installed inside a scooter, enabling remote Wi-Fi-triggered attacks that successfully killed the vehicle during operation.

The practical implications are significant: current electric scooter designs lack network segmentation (gateways) and intrusion detection systems present in modern automobiles. This makes them viable targets for disruption, especially in dense urban environments. The research underscores an urgent need for manufacturers to integrate automotive-grade cybersecurity standards, conduct rigorous third-party security assessments, and implement protective measures like gateways to mitigate CAN bus exploitation. The growing market size and connected features make e-scooter security a critical, yet often overlooked, area.

Disclaimer: This summary was auto-generated from the video transcript using AI and may contain inaccuracies. It is intended as a quick overview — always refer to the original talk for authoritative content.