Security researcher Hetian Shi from Tsinghua University presented at Black Hat Asia findings showing that rentable IoT infrastructure — including public EV chargers and shared e-bikes — has critical security flaws. Devices often expose debugging ports or UART connectors, contain shared authentication keys in firmware, and have backends that fail to properly authenticate users. Shi built a tool called IDScope and live-demonstrated disabling a specific EV charger in Shanghai via a vulnerable iOS app. The flaws could allow attackers to take down an entire city's EV charging network, charge vehicles for free, or steal personal data. Testing of 11 European shared bike and scooter apps suggests the vulnerabilities extend beyond China.
Sort: