Public bikes in Copenhagen locked up by a hacker

The ubiquitous infiltration of sophisticated technologies into people’s everyday routine makes things easier for service providers and customers alike. At the same time, cyber attacks continue to demonstrate how badly we have come to depend on the tech that merges real-life stuff with digital solutions. The recent incident that took place in Copenhagen showed that a click of a mouse could disrupt an entire public system.

A malicious player was able to compromise the local electric bike service called Bycyklen. The attack took root on May 4, 2018 and resulted in the denial of access to all bicycles owned by the organization. The 1,860 bikes operate with Android-based devices that use GPS and a specially crafted app to keep track of rent-related information and administer the process remotely. By compromising this network, the threat actor actually prevented people from unlocking their bikes.

In order to resolve the issue, Bycyklen employees had to restore the hacked electric bikes manually. It means they were supposed to locate the vehicles in order to get access to their mounted Android tablets and reboot them. According to the breached organization, they fixed 200 bikes within the first 24 hours into the incident, and the rest of the repair would take some time.

On May 7, the service posed an update on their website addressing the privacy aspect of the compromise. According to the message, they didn’t find any signs of the attacker stealing users’ highly sensitive, such as their payment card details. What could potentially be exposed, though, was the PIN codes for the bikes as well as the customers’ phone numbers and email addresses. The company also emphasized that the hack targeted their service, not the users. Additionally, the culprit was reportedly well aware of the company’s IT infrastructure, which might arguably be a sign of an inside job – there is no confirmation of the latter, though.