M365 Toolbox demonstrates a security vulnerability in the Xiaomi M365 electric scooter’s communication protocol. The Java application exploits weaknesses in the scooter’s Bluetooth Low Energy (BLE) authentication mechanism to bypass security controls and execute unauthorized commands.
The proof-of-concept tool reveals how the scooter’s authentication can be circumvented through protocol manipulation, allowing remote control access without proper authorization. This research highlighted critical security flaws in IoT device communication protocols commonly found in consumer transportation devices.