On the Security of Dockless Bike Sharing Services
Details
Starting last year, many new bike sharing services emerged in larger Asian cities, flooding the streets with 100 thousands of bicycles. The startups behind these services are aggressively competing for territory and investment, and are now also expanding to European Cities. The city of Zurich for instance didn't even have the chance to launch their 'Publibike' service (start announced for May 2018), they were already outrunned by other private competitors.
The way these 'Uber for bikes' services work is quite simple: clients use their smartphone to locate vacant bicycles. Once nearby, they can unlock the bicycle directly from the app or by scanning a QR code. Unlike traditional rental services, however, which require bikes to be returned to a fixed docking station, riders are free to leave the bikes wherever their journey ends.
The interesting part about these services is that they combine technologies such as IoT, mobile applications, geolocation and web services, all of which have their own attack surface. I had a closer look at two bike sharing services in Zurich with respect to security aspects and will share my findings with you in this session.
Speaker
Antoine Neuenschwander initially worked in the development of security products. He later joined a team of penetration testers. In his actual position as security engineer, he is back in defense. His fields of expertise include web application security and network security. Antoine Neuenschwander holds a MSc degree in Computer Science from the Swiss Federal Institute of Technology in Zurich.
Agenda
17:30 - Doors will open
18:00 - Welcome and short introduction
18:20 - Talk and Q&A
19:30 - Dinner
Who
As usual, all of our meetings are open to everyone and free of charge.
Afterwards
If you still would like to grab a bite afterwards, simply stay a little longer and we will form up a group of hungry and discussion-friendly people. ;)
More
Stay tuned by joining us here on Meetup (https://www.meetup.com/de-DE/OWASPSwitzerland/) and/or by subscribing to our (low-traffic) mailing list (https://lists.owasp.org/mailman/listinfo/owasp-switzerland).