June 22, 2019

It appears that nothing is safe from hackers these days, not even electric skateboards.

A new program developed by Richo Healey, a security worker at Stripe, and Mike Ryan, a researcher and security worker for eBay, shows that electric skateboard are indeed susceptible to hacking. While an electric skateboard certainly isn’t a car, if it suddenly comes to a stop, you can be hurled from it and badly hurt. Worse yet, if you’re near a busy street, the consequences can be quite dire.

How Did This Start?

The new program developed by the two men is named FacePlant; it was started when Healy was on his skateboard riding through an intersection. All of a sudden, his board came to a complete stop and he was thrown forward; fortunately, he was not hurt.

He came to the conclusion that because there was so much Bluetooth noise in the area, it inhibited the connection between the remote and the board. Due to this one instance, he wondered if he could replicate it again; that’s how FacePlant was born.

How Does FacePlant Work?

The program gives the user complete control of an electric skateboard. They can stop it, reverse it, or speed it up. For their purposes, the two used a Boosted E-Go board and a board by Rev; they found at least one issue with each. These two experts discussed what they found at Def Con in Las Vegas, in hopes that they could ensure the next boards these manufacturers bring to the market are more secure and much safer.

Through their tests, they’ve found it takes two to ten seconds for a hacker to find the Bluetooth connection between the board and the remote. Only ten milliseconds are required to get enough information about the Bluetooth connection to gain complete control of the board.

It’s a short span of time, but it can be done. Once that happens, the remote to the skateboard is useless.

The Risks

These faults all stemmed from the fact that the manufacturer did not encrypt the Bluetooth communication network between the remote and the boards themselves. The Boosted board works with an app to adjust the speed and uses Bluetooth to make the connection from the app to the board.

As such, a hacker nearby can get in between the board and the app, connecting the board to their laptop. Once that’s achieved, they can do whatever they want to the board, such as throwing the rider off and disengaging the brakes.

Other Issues

But the risks don’t just stop with the person on the skateboard; they apply to people around the rider as well. Bike riders, drivers of motorcycles and cars, and pedestrians could all be affected by a hacked electric skateboard.

The rider could be thrown from a board and slam into a car, end up reversing into a bike, or run into a pedestrian. With the dead man’s switch on most skateboards being disabled by the hacker, the rider would not be able to stop. A hacked skateboard can be dangerous for everyone.

What Stands in Hackers Way

However, there are a few things standing in the hackers’ way of completely taking over the board. That’s what started this entire project: Bluetooth noise.

The hacker doesn’t know which Bluetooth signal belongs to the board if they are in a high-traffic area. If you are in a more rural or less populated area, hacking is easier to achieve.

What’s the Point?

As stated by Healey and Ryan, the whole point of their research is to ensure companies are making the safest product possible. It’s important for people to know the risks when using an electric skateboard. While they have reported their findings to the companies they tested, so far, nothing has been done to fix the issue.