An Estonian security researcher unlocked every Äike e-scooter by reverse-engineering its Bluetooth security flaw, exposing critical vulnerabilities in the company’s IoT devices. This highlights the risks of default settings and poor key management in IoT products, especially after a manufacturer goes bankrupt. #Äike #IoTVulnerabilities
Keypoints
- The Äike e-scooter relied on app-controlled Bluetooth that worked independently of cloud servers.
- The security flaw was due to all scooters shipping with the same default cryptographic key.
- Once the manufacturer went bankrupt, losing server support, scooters became inaccessible except through reverse-engineering.
- The vulnerability allows anyone within Bluetooth range to unlock any nearby scooter with minimal effort.
- The incident underscores the importance of proper key management and default security settings in IoT devices.
Read More: https://www.theregister.com/2026/01/16/bankrupt_scooter_startup_key/