Marco Casagrande’s presentation of our E-Spoofer paper about Xiaomi e-scooters' security and privacy recorded at ACM WiSec'23
Riccardo Cestaro’s master thesis, done at EURECOM in my group as a visiting student from UniPD, won the second prize in the CLUSIT (Italian Association for Information Security) thesis contest. CLUSIT yearly awards some of the best Information security theses in Italy. The list of winners is available here.
Marco Casagrande presented at WiSec'23 our paper titled: E-Spoofer: Attacking and Defending Xiaomi Electric Scooter Ecosystem.
In a nutshell, we reverse-engineered the proprietary wireless protocols used by Xiaomi e-scooters and companions applications (i.e., Mi Home) over BLE, found critical vulnerabilities, exploited them to get arbitrary read and write capabilities on an e-scooter both in proximity and remotely (via a malicious Android app), developed concrete countermeasures, released a toolkit to reproduce our findings and tamper with the protocols, and responsibly disclosed our results to Xiaomi.