COMMSEC: Hardware Backdooring an eScooter


August 24, 2023




CommSec Track

In this talk, we are going to talk about ECU vulnerabilities in e-scooters. Our target is an Indian OEM, though similar or the same vulnerabilities can be found in other e-scooters. We are going to demonstrate the attack where we took control of an e-scooter with the help of a hardware implant attack. The devices used in this research are cheap to make and cost-effective.

We will show you how we reverse-engineered all functionality of the e-scooter with respect to CAN bus messages and created a hardware implant to install inside the scooter, allowing remote access.

Our talk covers:

  • Basic information on e-scooter architecture and safety functionality
  • Different OEMs in India and their standpoints in the market
  • TARA analysis of the ECU at the e-scooter level
  • Attack demos

Founder & CEO

Amynasec Labs

Arun Mane is the Founder and CEO of Amynasec Labs, a company which specializes in Vehicle/IoT/ICS, and he is also a Hardware, IoT, and ICS Security Researcher.
His areas of interest are Hardware Security, SCADA, Automotive Security, Fault Injection, RF protocols, and Firmware Reverse Engineering. He also has experience in performing Security Audits (ISO 62443, ISO 21434, NIST frameworks) for both Government and private clients.
He has presented talks at nullcon 2016, 2017, 2018 Goa, GNUnify 2017, Defcamp 2017, 2018, 2019 Romania, Hacktivity 2019 Budapest, Rootcon 2020 Philippines, BsidesDelhi 2017, c0c0n x 2017, 2019, BSides Ahmedabad 2021, EFY 2018, x33fcon 2018, 2019, 2021, BlackHat USA 2018, Defcon USA 2018, OWASP Seasides 2019 Go, HITB Red team Village 2020.
He is also a trainer for Practical Industrial Control Systems (ICS) hacking training, delivered at x33fcon 2018, 2019, HIP 2018, and has also delivered training for IoT hacking at HITB 2017, HIP 2017, BlackHat Asia 2018, and for private clients in London, Australia, Sweden, Netherlands, etc. He is currently giving training on Exploiting IIoT, Reversing and Exploiting Vehicles. He is an active member of the null open community.