VYPR
Unrated severity · NVD Advisory · Published Apr 10, 2015 · Updated May 6, 2026

CVE-2015-2247

Description

Unspecified vulnerability in Boosted Boards skateboards allows physically proximate attackers to modify skateboard movement, cause human injury, or cause physical damage via vectors related to an "injection attack" that blocks and hijacks a Bluetooth signal.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Boosted Boards skateboards lack Bluetooth encryption, allowing a nearby attacker to block and hijack the controller connection and remotely control the board.

Vulnerability

Boosted Boards electric skateboards are vulnerable to a Bluetooth injection attack. The boards use an unencrypted or weakly encrypted Bluetooth connection between the handheld controller and the skateboard's motor controller. This allows an attacker within Bluetooth range to block the legitimate signal and force the board to pair with an attacker-controlled device. The affected firmware and hardware versions were not explicitly detailed in the available sources. [1][2]

Exploitation

An attacker needs to be physically proximate (within standard Bluetooth range, approximately 10–30 meters) and does not require authentication. The attack involves saturating the 2.4 GHz spectrum to disconnect the legitimate controller, then spoofing the controller's Bluetooth signals to pair with the board. The process can be automated with a script and completed in as little as 10 seconds, even while the attacker carries a laptop in a backpack. [1][2]

Impact

Successful exploitation allows the attacker to fully control the skateboard's motor, including acceleration and braking, while a rider is using it. This can cause the rider to be thrown off, leading to injury, or cause the board to crash into obstacles, resulting in physical damage. The attack constitutes remote hijacking of the vehicle's motion control. [2]

Mitigation

As of the publication date (2015-04-10), no official firmware update or patch was available to address this vulnerability. The vendor did not publicly release a fixed version. Mitigation relies on users being aware that the Bluetooth connection is not secure and avoiding use in settings where a potential attacker could be within range. The vulnerability was not listed on CISA's Known Exploited Vulnerabilities (KEV) catalog. The researchers did not release their exploit code. [2]

AI Insight generated on May 23, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

2
  • cpe:2.3:a:boosted:boosted_boards:-:*:*:*:*:*:*:*
  • (no CPE)

Patches

0

No patches discovered yet.

References

4
