"Researchers at Bureau Veritas Cybersecurity discovered that electric motorcycles from US-based Zero Motorcycles are affected by a vulnerability that could allow an attacker to connect to a vehicle over Bluetooth. The security hole, tracked as CVE-2026-1354, affects firmware version 44 and earlier."
"According to CISA, which classified the vulnerability as 'medium severity' due to the attack's high complexity, an attacker could gain unauthorized access to all Bluetooth functions and even upload malicious firmware to the bike."
"Dinesh Shetty, director of security engineering at Bureau Veritas, told SecurityWeek that while conducting an attack may not be easy, a motivated and well-resourced attacker could pull it off."
"An attacker standing within Bluetooth range could jump in and pair their own device to the bike, and the motorcycle would accept it as a legitimate connection."
Electric motorcycles from Zero Motorcycles and scooters from Yadea are vulnerable to security flaws that could lead to physical safety risks. CISA issued advisories on these vulnerabilities. Zero Motorcycles has a Bluetooth vulnerability, CVE-2026-1354, affecting firmware version 44 and earlier. An attacker could connect over Bluetooth, gaining unauthorized access to functions and uploading malicious firmware. The attack requires physical proximity and knowledge of the pairing process, allowing the attacker to masquerade as a trusted device and exploit the firmware update channel.
Read at SecurityWeek
Unable to calculate read time
Collection
[
|
...
]