The exploit relates to a problem with the Bluetooth module on the scooter, which allows the device to communicate with a driver's smartphone. The researchers were able to connect to a scooter via Bluetooth without being asked for a password or any other form of identification. Once the connection was made, the researchers found they could control the scooter from their phone. They said they should get slower or faster regardless of what the driver did, which could put them in a dangerous situation. They also found that it was possible to load malware onto the computer.
After Zimperium Xiaomi reported the error, the company informed the researchers that they could not fix the problem themselves. The company has received the Bluetooth Implementation Module for the M365 model scooter from a third-party vendor and needs to work with that company to resolve the issue. Until then, the M365 scooters run the risk of falling victim to Bluetooth hijackings.