Differences

This shows you the differences between two versions of the page.

--- transportation:electric_standing_scooters [2025/12/26 00:38] – [Articles] timb
+++ transportation:electric_standing_scooters [2026/01/16 21:47] (current) – [Äike] timb
@@ Line 578: / Line 578: @@
 https://electrek.co/2022/10/19/high-tech-aike-t-electric-scooter-gets-worlds-first-proximity-unlocking-feature/
+== Bankrupt scooter startup left one private key to rule them all ==
+Owner reverse-engineered his ride, revealing authentication was never properly individualized
+Carly Page - Fri 16 Jan 2026 11:59 UTC
+An Estonian e-scooter owner locked out of his own ride after the manufacturer went bust did what any determined engineer might do. He reverse-engineered it, and claims he ended up discovering the master key that unlocks every scooter the company ever sold.
+The company in question, Äike, which filed for bankruptcy last year, built app-controlled electric scooters that rely on a phone and backend servers to do as basic a task as turning them on. That setup worked while the startup was still around. Once it wasn't, owners were left with pricey scooters that only unlocked when the cloud happened to answer.
+Some features limped along for a while, others stopped altogether. So rather than trust his commute to a bankrupt startup's servers, one owner, Rasmus Moorats, an Estonian security researcher and penetration tester, took matters into his own hands and started poking around to see how the scooter really worked.
+A closer look at the Android app and Bluetooth traffic showed that locking, unlocking, and basic status checks all occur locally over Bluetooth, with the cloud mostly along for the ride.
+Before accepting commands, the scooter runs a simple authentication check: it sends a short challenge, the app replies with a cryptographic response, and access is granted. It's designed to stop random passers-by from hopping on and riding off. In theory, at least.
+https://www.theregister.com/2026/01/16/bankrupt_scooter_startup_key/