Hacking one shared IoT device (e-scooters, e-bikes, cars, chargers, etc.) to rule them all. 📱🛴❯❯❯🪤💸

Security researcher Hetian Shi recently presented his work on “Rentable IoT” devices: shared e-scooters, power banks, EV chargers and cars, umbrellas, washing machines, etc. - all the things you can rent using a mobile app.

The goal of the research was to turn local bugs into fleet-scale attacks. The author and his colleagues analyzed 81 Chinese and 11 European apps, found vulnerabilities that allow abuse of users or devices, and converted some of them into fleet-scale attacks.

Very good research on devices we use every day, and on vulnerabilities that can affect us as users of the “shared” economy.

Enjoy the slides and code below, and once the video presentation is released publicly, I’ll update this post.

More details:

The Rentable IoT Meltdown: Mass-Scale Hijacking of Shared Mobility and EV-Charging Fleets [PDF]: https://i.blackhat.com/Asia-26/Presentations/BHAS26-Shi-The%20Rentable%20IoT.pdf

Code and Data [Github]: https://github.com/Moriartysherry/BH-sharedIoT/