A Trailblazer in Security, Innovation, and Education Arun Mane, a visionary leader and luminary in the field of cybersecurity, wears many hats. He is not only the Founder and CEO of Amynasec Labs, but also the co-Founder and CEO of UnoAcademy, a distinguished training provider. With a resolute focus on Vehicle/IoT/ICS/IoMT security, Arun is also a recognized Hardware, IoT, and ICS Security Researcher, shaping the future of digital protection. Arun’s passions encompass a spectrum of technological domains. 

He delves into Hardware Security, SCADA systems, Automotive Security, Fault Injection, RF protocols, and the intricacies of Firmware Reverse Engineering. His inquisitive mind thrives on unraveling complex systems and identifying vulnerabilities that safeguard the digital landscape. Arun’s expertise extends to performing Security Audits aligned with ISO 62443, ISO 21434, NIST frameworks, catering to both government and private clients. His insights have proven invaluable in fortifying digital infrastructures against ever-evolving threats. His prominence shines brightly on the international stage. 

Arun has delivered captivating talks at an array of prestigious conferences, leaving a lasting impact on audiences worldwide. Noteworthy appearances include Nullcon in Goa from 2016 to 2018, GNUnify 2017, Defcamp in Romania from 2017 to 2019, Hacktivity in Budapest 2019 and 2023, Rootcon 2020 in the Philippines, BsidesDelhi 2017, c0c0n x in 2017 and 2019, BSides Ahmedabad 2021, EFY 2018, x33fcon from 2018 to 2021, BlackHat USA 2018, Defcon USA 2018, OWASP Seasides 2019 in Goa, and HITB Red Team Village 2020, HITB Phucket in 2023, Seasides Goa in 2023. These platforms serve as a testament to his remarkable insights and thought leadership in the cybersecurity realm.

Hardware Backdooring an e-Scooter

Nowadays, smart cars are equipped with a lot of sensors to make cars smarter which can take decisions automatically or logic written in ECU. 

But in the same way, motorcycles and scooters become smart and work on electricity. Scooters are becoming smarter and smarter than traditional one which works on gasoline. Intelligent scooters work on usually on one or two ECUs depending on the working style. No one focuses on the smart scooter yet from per cybersecurity standpoint. 

In this talk, we will talk about those vulnerabilities that can affect working mechanisms and functional safety standpoints. Our target is Indian OEM, who sold out more than 1,50,000 in the year and sold out more. The same vulnerabilities can be found in all sold-out e-scooters, We will demonstrate the attack where we took control of an e-scooter with the help of a hardware implant attack. The devices used in this research are cost-effective. 

The best part of this research talk, we are not only focusing on only attack part but also on TARA which can be beneficial for Automotive and IoT representatives, cybersecurity experts, and manufacturers. 

In this research, we reverse-engineered all functionality of e-scooters with respect to Canbus messages and Safery functionality implemented in e-scooters. Main functionality such as acceleration and Deacceleration, side indicator, breaking mechanism, and so on. After reverse engineering of physical e-scooter, we made our hardware implant to set up inside the scooter and we controlled the entire scooter with the help of identified vulnerabilities. We can stop the scooter while driving the scooter remotely. It is a functionality and safety function flaw we found in the scooter itself. We also attacked other models of e-scooter resulted in the same conclusion. We also performed the TARA report on the e-scooter level as per ISO21434 standard and we found some serious risks, these attacks are derived from the TARA report.