search

maisi / M365-Power

Android app to get data from the Xiaomi M365 scooter
GNU General Public License v3.0
87 stars 21 forks source link

Set bluetooth password // scooter password #8

Open softmarshmallow opened 5 years ago

softmarshmallow commented 5 years ago

Plz add funtionality to lock scooter with password.. so others cant unlock

maisi commented 5 years ago

I might do, but it's apparently useless as a security measure: "During our research, we determined the password is not being used properly as part of the authentication process with the scooter and that all commands can be executed without the password. The password is only validated on the application side, but the scooter itself doesn’t keep track of the authentication state." Source: https://blog.zimperium.com/dont-give-me-a-brake-xiaomi-scooter-hack-enables-dangerous-accelerations-and-stops-for-unsuspecting-riders/

I can't really test it right now because my scooter bms is broken.

softmarshmallow commented 5 years ago

@maisi Thanks for your reply. That's A Bad News... M365 Has another security issue that the power turns of after 3Hours even if it's locked. Are you aware of this? And in case, do you have the solution?

maisi commented 5 years ago

I was not aware of this because I never use the lock function (I use a physical lock). I also don't think it's possible to fix this without a change in the scooter firmware.