Hacking Wheelchairs over Bluetooth: A critical Security Vulnerability
Recent research has revealed a significant security flaw in WHILL Model Ci2 power wheelchairs, demonstrating the potential for remote control via Bluetooth connections. This vulnerability, highlighted by security researchers and prompting a Cybersecurity and Infrastructure Security Agency (CISA) advisory, raises serious concerns about the safety and security of individuals relying on these devices. The implications extend beyond WHILL wheelchairs, underscoring the broader risks associated with the increasing connectivity of medical devices within the Internet of Things (iot).
CISA stated that WHILL wheelchairs lacked proper authentication for Bluetooth connections, enabling an attacker within Bluetooth range to pair with the device without credentials. This unauthorized access allows manipulation of the wheelchair’s movements, override of speed limitations, and alteration of configuration profiles, all without any user interaction or authentication.
Sidebar photo of Bruce Schneier by Joe MacInnis.
