
Letting Bird’s scooters fly free - caf
https://mjg59.dreamwidth.org/53258.html
======
cookie_monsta
I believe these are the same scooters that you can swap out the motherboard
using a cheap conversion kit. The guy who wrote about it got a takedown notice
from Bird that the EFF ended up getting squashed.

[https://techcrunch.com/2019/01/11/scooter-startup-bird-
silen...](https://techcrunch.com/2019/01/11/scooter-startup-bird-silence-
journalist/)

------
cyberbanjo
These are the types of things that I feel like if could be made socially-viral
would make some really cool real cyberpunk effects. Teach all the people with
any interest how to hack the public scooters and do what they will.

~~~
0b0001
How is it cool when people steal scooters and the companies ultimately stop to
offer rental scooters?

Nobody will maintain the scooters just because cool and cyberpunk and viral.

[Edit: do I misinterpret your post?]

~~~
lovich
How is it cool when these scooter companies steal a public good in terms of
space on sidewalks?

I don't recall my town voting on a bill allowing companies to park their fleet
on public land free of charge.

If you are making a living by stealing(and yes I equate using public land
without a license as the same thing as stealing), then it's pretty
hypocritical to complain that others steal from you

~~~
Cthulhu_
Draw a comparison: would it be OK to hack / steal cars because they take up
space?

I mean sure, scooters being dropped left and right is a problem - something
Bird and co need to address, e.g. by fining anyone not leaving their items in
designated areas - but transportation needs somewhere to stand. Whether said
transportation is owned by a company or an individual is a moot point.

~~~
tyfon
> Draw a comparison: would it be OK to hack / steal cars because they take up
> space?

You mean like towing cars that are parked illegally? One can not just put a
car wherever one likes, renting a spot can cost quite a lot depending on where
you live. When I was living in Oslo I didn't have a car but i rented my spot
that came with the apartment to the neighbour for $200/month.

~~~
omegabravo
Towing a car is not the same as stealing a car. If someone parks illegally you
are not suddenly allowed to smash the window and take it for a joy ride. Even
simpler, I'm not allowed to tow anyone else's car that has parked illegally.

I don't agree with Bird's practices, but that doesn't give anyone some moral
right to steal their scooters.

~~~
tyfon
No, but the municipality might be allowed to "steal" it. I was playing a bit
of devils advocate in the previous comment.

However I've seen reckless towing destroy cars and they will hold your car
until you pay up and not pay for the damages. It's a fine line.

------
flyinglizard
Why on earth didn’t Bird lock down the STM32 through builtin hardware fuses,
thus disabling the debug interface? Is that a consequence of moving fast and
breaking things?

~~~
avian
Because you must really be confident in your firmware before you start
disabling debug interfaces. Most people aren't. They see more value in being
able to fix their bugs after the fact than locking out potential hackers.

Imagine just receiving a batch of 1000 scooters with a botched firmware, which
you must write off now because you can't reprogram them due to the disabled
SWD. This happens more often than you might imagine.

~~~
zwirbl
They could at least have locked down the flash and RAM, triggering a flash
mass erase when attempting to dump the firmware/RAM contents. Not that this
would be 100% secure either, but with these STM32 HW features in place this is
already significantly more difficult.

~~~
saagarjha
I don’t see how making it harder to dump the firmware makes the platform any
more secure. Determined attackers will get in anyways and you’ll lose out on
people who are interested in poking around.

~~~
sannee
It's usually done to prevent cheap chinese clones of your boards, not so much
for security.

------
StrLght
I don't have any experience regarding hardware reverse engineering and the
only thing I didn't get from the article is how do people obtain original
firmware in the first place? Do they physically disassemble a scooter to
access the control board?

~~~
saagarjha
> Hooking this up via an STLink and using OpenOCD allows dumping of the
> firmware from both chips, which is where the fun begins.

In this case, it seems so.

------
SergeAx
Maybe I don't underestand something, but how is this different from just
hotwiring the scooter and stealing it?

------
bafflingworld
I live in Los Angeles, and locals are getting so frustrated with tourists
littering these things all over the city that they're beginning to knock them
over, throw them in the trash, etc.

It may be immoral to hack them, but it's also immoral to treat our streets and
sidewalks like a scooter landfill.

~~~
asdff
In SM they painted little squares on the sidewalk where you are supposed to
park them.

