E-Spoofer paper at WiSec'23

Marco Casagrande presented at WiSec'23 our paper titled: E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem.

In a nutshell, we reverse-engineered the proprietary wireless protocols used by Xiaomi e-scooters and companions applications (i.e., Mi Home) over BLE, found critical vulnerabilities, exploited them to get arbitrary read and write capabilities on an e-scooter both in proximity and remotely (via a malicious Android app), developed concrete countermeasures, released a toolkit to reproduce our findings and tamper with the protocols, and responsibly disclosed our results to Xiaomi.

Useful links: Paper, Slides, Code, Demos, WiSec tweet.

This work continues our exploration of obscure proprietary protocols used in popular and high risk setups, including our research on Xiaomi and Fitbit fitness trackers presented last year at CHES.

Shout-out to the paper’s co-authors: Marco Casagrande, Riccardo Cestaro, Eleonora Losiouk, and Mauro Conti. And the funding partners: ORSHIN (EU) and the Air Force Office of Scientific Research.