In these days of technologically advanced and network-connected transportation devices, it has become increasingly common for vulnerabilities to exist in the systems of cars that can pose a security risk to their riders. What is less commonly known is that the same kinds of issues can exist in other forms of transportation that might at first glance seem less susceptible. Electric motorcycles and scooters are gaining traction as convenient urban transport, and seem relatively low-tech by comparison to the sophisticated systems inside modern cars, but recent findings show they may also be vulnerable to hacking in ways that go beyond simple data theft. Specifically, Investigators have identified security flaws in models from Zero Motorcycles and Yadea that could allow attackers to interfere with how these vehicles operate. While the attacks require close proximity and technical skill, the implications raise concerns about rider safety and the broader security of connected mobility devices.

The most serious issue affects certain Zero Motorcycles models. The vulnerability, identified as CVE-2026-1354, targets Bluetooth functionality in Zero Motorcycles firmware version 44 and earlier. The vulnerability stems from improper authentication during Bluetooth pairing. When the motorcycle enters pairing mode, either through manual activation or initial setup, the key exchange process fails to verify the legitimacy of the connecting device. An attacker within Bluetooth range can exploit this window to establish a connection and upload malicious firmware, giving them deep access to the motorcycle’s internal systems. Investigators indicate that this level of access could enable manipulation of key functions such as throttle or braking, creating the possibility of unsafe riding conditions if exploited under the right circumstances.

A separate flaw in Yadea scooters is less complex but still significant. In this case, weak authentication in the wireless key fob system allows attackers to intercept and replay signals used to unlock and start the scooter. This effectively enables theft without needing physical keys, lowering the barrier for exploitation compared to the more technically demanding motorcycle attack. Although this issue does not directly affect vehicle control systems in the same way, it highlights how basic security oversights can still have tangible real-world consequences.

At this stage, there is no confirmed evidence of these vulnerabilities being actively exploited, but mitigation options remain limited. Updates are expected for affected motorcycles, while some scooter models may still lack a clear fix. The situation reflects a broader pattern in connected vehicle technology, where convenience features like wireless access can introduce new risks if not properly secured. As electric mobility continues to expand, these findings serve as a reminder that cybersecurity is increasingly tied to physical safety on the road.