38C3 Community Stages

Farm your own C2: Adventures in hacking Micromobility IOT
2024-12-27 , Stage HUFF
Language: English

With the surge of shared e-scooters and IoT-enabled rental vehicles in cities worldwide, security vulnerabilities across these platforms have exposed users to significant privacy risks.
This talk delves into the exploitation of Wi-Fi and Bluetooth functionalities on various scooter models, outlining how these weaknesses can lead to coordinated surveillance, privacy breaches, and even "gang stalking".


Rental micromobility vehicles are rapidly transforming urban transportation, yet their convenience comes with hidden dangers.
Many of these devices, equipped with cameras, GPS, Wi-Fi, and Bluetooth, have been found lacking in robust security, making them vulnerable to exploitation.
This talk provides an in-depth look at real-world examples of compromised devices, revealing how attackers can gain unauthorised access to IOT networks and legitimate C2 Infrastructure and misuse this access for coordinated surveillance, stalking, and data harvesting.

Attendees will learn about the technical steps involved in accessing these systems, the consequences of such breaches on user privacy, and how pervasive this issue has become across vendors. The session aims to raise awareness of the urgent need for stronger security measures and to discuss solutions for securing IoT devices in public spaces.

Jamie is a self taught Australian programmer with 15+ years of experience breaking things. He has an interest in vulnerability research, reverse engineering, social engineering, forensics & RFID.