Skip to content

nsbogam/ebike

main
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
 
 

Joy Ebike Wolf 2022 variant replay attack to unlock the scooter

This is a report about a cyber security issue identified in Joy ebike unlock feature

Summary: Joy ebike Wolf variant manufactured in 2022 has a feature to lock or unlock/drive the vehicle via ebike key fob. In this vehicle, if the unlock/drive command is sniffed by Hackrf and replayed, it is possible to unlock/drive the vehicle.

Affected Product: Joy ebike Wolf, Manufacturing year 2022

Addition details URL: https://www.joyebike.com/product/wolf-bike/

Detailed report

Required Setup:

  1. Joy ebike Wolf, Manufacturing year 2022
  2. Joy ebike vehicle keys.
  3. Hackrf with antenna

Following steps shall be followed to achieve the Proof of concept:

  1. Activate Hackrf in rx mode on 433.92 MHz
  2. Press unlock/drive button on key fob
  3. Hackrf captures the unlock frame command.
  4. Lock the vehicle with a key.
  5. Now replay the command which is captured.
  6. Vehicle gets unlocked and is able to drive.

Additional Note: Further analysis is not conducted, but multiple commands can be replayed.

Video proof of concept:

https://drive.google.com/file/d/1COrBDuncLs5yR5lotpxyMSWQDY6Br-qj/view?usp=sharing

Credits: Neelam Verma, Krutarth Raut, Nikhil Bogam

About

No description, website, or topics provided.

Resources

Stars

Watchers

Forks

Releases

No releases published

Packages

No packages published