Shetty explained, “Zero motorcycles have a Bluetooth pairing mode that activates when you hold the Mode button for about five seconds, or if the bike has simply never been paired before. During that window, the key exchange doesn’t actually verify who is connecting. An attacker standing within Bluetooth range could jump in and pair their own device to the bike, and the motorcycle would accept it as a legitimate connection. Once you’re paired, you look like a trusted device, and you can use the firmware update channel to push a modified firmware image to the motorcycle.”

Once the attacker uploads malicious firmware, they can perform actions that could pose a serious safety risk.

“The motorcycle’s main microcontroller controls safety-critical features, which include the torque output, regenerative braking, the contactors that deliver power to the motor, and battery management. If you can get your own firmware on there, you can mess with any of that. For a real-world impact, you can think about what that means on a vehicle doing highway speeds. You could alter how the throttle responds, interfere with braking behavior, or even manipulate battery thermal safeguards. The board also has access to a cellular modem for GPS and telemetry, which in theory could be repurposed for remote command-and-control. We’re not talking about someone changing the color of your dashboard; this is firmware that governs the physical behavior of the vehicle.”

CISA said the vendor plans to release a firmware patch in May. In the meantime, it has advised users to pair their motorcycle to their phone in a safe location where no one else can attempt pairing at the same time.

Bureau Veritas Cybersecurity says it regularly conducts in-depth research on various types of products, including open source frameworks, healthcare and financial protocols, password managers, and even proprietary systems like scoreboards.

Zero Motorcycles has not responded to SecurityWeek’s request for comment.
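The practical lesson of the Zero finding is that a paired transport must never be treated as authorization to flash: the bootloader has to authenticate the image itself and refuse rollbacks, regardless of who delivered it. The following is an added example written for this page, not Zero Motorcycles’ code and not based on its update format. The manifest layout, the key name and the version numbers are assumptions, and the image tag uses HMAC-SHA256 as a stand-in for the vendor’s signature check; a production bootloader would verify an asymmetric signature so that the key held on the vehicle can only verify images, never create them.

```python
"""
Firmware-update gate: a paired Bluetooth peer is not an authorized update source.

Added example, not Zero Motorcycles' code. The manifest layout, the key name
and the version numbers are assumptions for illustration. The image tag is an
HMAC-SHA256 stand-in for a vendor signature; a production bootloader would
verify an asymmetric signature so that the key held on the vehicle can only
verify images, never create them.
"""
import hashlib
import hmac
import struct

MAGIC = b"ZFW1"                      # assumed manifest magic
HEADER = struct.Struct(">4sII32s")   # magic | version | body length | 32-byte tag

# Assumed: a key provisioned at manufacture and pinned in the bootloader.
VENDOR_KEY = hashlib.sha256(b"constructed vendor key for this example").digest()


def _tag(key: bytes, version: int, body: bytes) -> bytes:
    """Authenticate the whole manifest plus body so no field can be altered."""
    msg = MAGIC + struct.pack(">II", version, len(body)) + body
    return hmac.new(key, msg, hashlib.sha256).digest()


def build_image(key: bytes, version: int, body: bytes) -> bytes:
    """Vendor side: pack and tag an image. Only the vendor should hold `key`."""
    return HEADER.pack(MAGIC, version, len(body), _tag(key, version, body)) + body


class UpdateGate:
    """Bootloader-side acceptance check for an image arriving over the paired link."""

    def __init__(self, vendor_key: bytes, installed_version: int) -> None:
        self.vendor_key = vendor_key
        self.installed_version = installed_version

    def accept(self, image: bytes, *, peer_paired: bool) -> tuple[bool, str]:
        # Pairing gates the transport only; it never substitutes for image authentication.
        if not peer_paired:
            return False, "transport not paired"
        if len(image) < HEADER.size:
            return False, "short image"
        magic, version, body_len, tag = HEADER.unpack_from(image)
        body = image[HEADER.size:]
        if magic != MAGIC or len(body) != body_len:
            return False, "malformed manifest"
        # Constant-time compare; authenticate before acting on any other field.
        if not hmac.compare_digest(tag, _tag(self.vendor_key, version, body)):
            return False, "authentication failed"
        # Anti-rollback: a genuine but older image must not replace a newer one.
        if version <= self.installed_version:
            return False, "rollback rejected"
        self.installed_version = version
        return True, "installed"


def demo() -> dict:
    """Constructed scenario: a paired attacker offers three images, the vendor one."""
    genuine_v2 = build_image(VENDOR_KEY, 2, b"torque_table=" + bytes(range(16)))
    genuine_v3 = build_image(VENDOR_KEY, 3, b"torque_table=" + bytes(range(16)))
    gate = UpdateGate(VENDOR_KEY, installed_version=2)

    # Attacker 1: flip one byte in the body of a genuine image (tag no longer matches).
    tampered = bytearray(genuine_v3)
    tampered[-1] ^= 0xFF
    # Attacker 2: build a self-tagged image under a key of their own choosing.
    self_signed = build_image(b"attacker key", 99, b"max_torque=unlimited")

    return {
        "tampered": gate.accept(bytes(tampered), peer_paired=True),
        "self_signed": gate.accept(self_signed, peer_paired=True),
        "rollback": gate.accept(genuine_v2, peer_paired=True),
        "genuine": gate.accept(genuine_v3, peer_paired=True),
        "replayed_after_install": gate.accept(genuine_v3, peer_paired=True),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:24s} {'ACCEPT' if ok else 'REJECT'} ({why})")
```

The order of checks matters: the tag is verified over every manifest field before the version is consulted, so an attacker cannot learn anything about the installed version by probing with unauthenticated images, and a genuine image captured from a legitimate update session is useless once a newer version is installed.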

Yadea T5 scooter vulnerability

CISA recently published a separate advisory for another potentially serious vulnerability affecting a powered two-wheeler, the T5 scooter made by Chinese company Yadea.

The security hole, tracked as CVE-2025-70994 and rated ‘high severity’, is a weak authentication issue: an attacker who intercepts legitimate key fob transmissions can derive other valid commands from them.

According to an advisory from Ashen Chathuranga, the researcher who found the vulnerability, an attacker in proximity to the targeted scooter can intercept a non-sensitive command — for instance, a lock command — issued by the owner.

Using data from the victim’s command, the attacker can “mathematically synthesize” a different command, including unlock and start commands, which enables the attacker to steal the electric scooter.

Conducting an attack does not take long. Chathuranga told SecurityWeek that an attacker can instantly issue a new command and conduct a replay attack after capturing a command from the victim.

CISA and the researcher say Yadea has yet to release a patch. The vendor has not responded to SecurityWeek’s request for comment.
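What makes the Yadea attack possible is that a captured command carries enough information to produce another valid command and can be replayed as-is. The example below is added for this page and is not Yadea’s protocol: the frame layout, the opcodes, the key and the deliberately weak scheme in part (a) are all constructed for illustration. Part (a) shows a static encoding with no freshness, where one captured lock frame replays and converts into an unlock; part (b) shows the standard fix, a per-fob key with a monotonic counter and an HMAC tag, under which the same capture yields nothing useful.

```python
"""
Replay-resistant, authenticated key-fob commands.

Added example illustrating the class of weakness described above. It is not
Yadea's protocol: the frame layout, opcodes, key and the static scheme in
part (a) are constructed for this illustration.
(a) static encoding with no freshness: one captured frame replays and can be
    reworked into a different command;
(b) per-fob key + monotonic counter + HMAC tag: the same capture is useless.
"""
import hashlib
import hmac
import struct

LOCK, UNLOCK, START = 0x01, 0x02, 0x03

# ---- (a) constructed weak scheme: frame = opcode XOR a fixed key byte ----------
STATIC_KEY_BYTE = 0x5A


def weak_encode(opcode: int) -> bytes:
    return bytes([opcode ^ STATIC_KEY_BYTE])


def weak_receiver(frame: bytes) -> int:
    return frame[0] ^ STATIC_KEY_BYTE


def weak_forge(captured_lock: bytes, wanted: int) -> bytes:
    """Attacker: LOCK's opcode is public, so one capture yields the key byte."""
    key_byte = captured_lock[0] ^ LOCK
    return bytes([wanted ^ key_byte])


# ---- (b) counter + HMAC-SHA256 tag (truncated to 16 bytes) ------------------------
FRAME = struct.Struct(">BI16s")   # opcode | 32-bit counter | tag


def _tag(key: bytes, opcode: int, counter: int) -> bytes:
    return hmac.new(key, struct.pack(">BI", opcode, counter), hashlib.sha256).digest()[:16]


class Fob:
    def __init__(self, key: bytes) -> None:
        self.key, self.counter = key, 0

    def send(self, opcode: int) -> bytes:
        self.counter += 1                      # never reused, never reset
        return FRAME.pack(opcode, self.counter, _tag(self.key, opcode, self.counter))


class Scooter:
    def __init__(self, key: bytes, window: int = 16) -> None:
        self.key, self.last_counter, self.window = key, 0, window
        self.state = "locked"

    def receive(self, frame: bytes) -> str:
        if len(frame) != FRAME.size:
            return "reject: malformed"
        opcode, counter, tag = FRAME.unpack(frame)
        # The tag binds opcode AND counter, so neither can be swapped from a capture.
        if not hmac.compare_digest(tag, _tag(self.key, opcode, counter)):
            return "reject: bad tag"
        # Accept only counters ahead of the last one seen (the window tolerates
        # missed presses); a replayed frame carries a counter already consumed.
        if not self.last_counter < counter <= self.last_counter + self.window:
            return "reject: replay or out of window"
        self.last_counter = counter
        self.state = {LOCK: "locked", UNLOCK: "unlocked", START: "running"}.get(opcode, self.state)
        return f"ok: {self.state}"


def demo() -> dict:
    """Constructed scenario: the attacker sniffs one LOCK from the owner."""
    key = hashlib.sha256(b"constructed per-scooter key").digest()
    fob, scooter = Fob(key), Scooter(key)
    results = {}

    # (a) static scheme: replay works and UNLOCK is derivable from LOCK.
    captured_weak = weak_encode(LOCK)
    results["weak_replay"] = weak_receiver(captured_weak) == LOCK
    results["weak_forged_unlock"] = weak_receiver(weak_forge(captured_weak, UNLOCK)) == UNLOCK

    # (b) authenticated scheme: same capture, every attacker move is rejected.
    captured = fob.send(LOCK)
    results["owner_lock"] = scooter.receive(captured)
    results["replay"] = scooter.receive(captured)
    _, counter, tag = FRAME.unpack(captured)
    results["forged_unlock"] = scooter.receive(FRAME.pack(UNLOCK, counter, tag))
    results["owner_unlock"] = scooter.receive(fob.send(UNLOCK))
    return results


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:20s} {value}")
```

Two details carry the security argument: the tag is checked before the counter, so an attacker cannot use the counter window as an oracle, and the counter is strictly monotonic on the receiver, so a frame that was valid once is never valid again. The window only exists so that presses made out of range do not desynchronize the fob; it never admits a counter that has already been consumed.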

Source: SecurityWeek