[Sticky] Major security flaw in Supersoco's App API
I'm Andrijan Möcker, an editor for heise online (a known German IT news portal) and c't Magazine, the biggest printed tech outlet in the DACH area. We have just published a report on a major security flaw regarding Supersoco's App feature and, since the issue is very likely affecting everyone having that GPRS module installed worldwide, also translated that report into English.
I'm posting on here because I suspect that we might not have the international range to let everyone affected know. Sadly, Supersoco doesn't want to cooperate with the IT security company VTRUST that found the flaw, so the description is only brief in order to not reveal too much to potential thieves. What I can say is that you as owners can't do anything but remove the GPRS module to protect your bike.
I will try to answer questions on here as best as I can. If you are with a foreign press outlet and want to report on this, please feel free to contact me via email@example.com.
This is very concerning... hopefully Super Soco will do something.
In the Netherlands there is a company called GOsharing; this company rents the scooters per minute to share. But this would be bad for them if the app isn’t secure, because as far as I know they use the same software to power on, GPS, etc.