Vanmoof’s S2 electric bicycle was unveiled last year as a theft-proof electric bike. A team at Digital Trends tried to prove that the bike had a glaring security issue, but it turned out they were working on a bike that came with a defect. Checkout the updates to learn more.
Update 2: Vanmoof has released a video demonstrating how Digital Trend’s original hack was misleading. In the video, Vanmoof shows how when the lock is properly set, the Smart Cartridge can be easily removed, but removing the SIM from the GSM tracker will set off the alarm.
According to Vanmoof:
What our ‘security expert’ is demonstrating is actually a feature of the bike. When the bike is unlocked, the alarms won’t sound and the lock won’t close. That’s so the Bike Doctors can work on the bike without getting deafened, and remove the rear wheel to replace the tire if necessary.
And yes, the Smart Cartridge is easy to remove. It’s supposed to be. We spent years finding a way to fit all of our bike’s smart tech into a module riders can remove themselves. That means international riders don’t have to ship their whole bike for servicing – they can just pop the Smart Cartridge in the mail, while we send them a replacement. Eagle-eyed viewers will remember we even highlighted this feature in the Electrified S2 & X2 launch film.
Digital Trends maintains that it has proven false Vanmoof’s original claim from its website that removing the SIM from the GSM tracker would be a lengthy process and “destroy” the bike. Vanmoof counters that once the SIM is removed, the bike’s rear wheel remains locked and the alarm has been activated.
Update 3: Digital Trends has now claimed that the original S2 bike at issue was in fact defective, resulting in the relative ease at which its security measures were defeated. Check out Digital Trends’ follow up for more info, in which they describe how the same test yielded different results when applied to another S2 bike. Moral of the story: don’t try to steal a Vanmoof S2 bike, it’s not likely going to end well for you.
Vanmoof’s S2 e-bike is supposed to be unstealable
The Dutch company Vanmoof manufacturers a number of popular electric bicycles.
We covered the launch of the company’s latest model, the S2, last year. It’s actually a really nice e-bike. There’s a digital display and a 500 Wh battery built right into the top tube, a peppy yet tiny hub motor hidden in the front wheel, and the design is pretty slick as well.
In addition to the well-designed aesthetics, one of Vanmoof’s big differentiators in a sea of other electric bikes is that they claim their e-bikes are “theft proof.”
First come the hardware anti-theft devices: Important bike components are secured with anti-theft bolts. There’s also a hidden rear wheel lock that can be initiated with a simple press of the rider’s foot. That lock prevents the bike from being ridden, meaning a thief would have to carry it off. The Vanmoof S2 even features a super loud alarm and the headlight flashes S-O-S when the alarm is triggered.
But the main feature that allows Vanmoof to call the bike theft proof is the electronic tracking. The S2 e-bike comes with a built-in GSM-enabled tracker. Vanmoof can see exactly where the bike is if it ever walks off. And not only can they locate it on a map, but the company also employs a dedicated team known as “bike hunters” whose job it is to chase down and retrieve any stolen Vanmoof bikes.
As long as Vanmoof can see the bike’s location on a map, they can steal it back for you. That’s a pretty handy feature to have in a $3,000 electric bicycle.
Vanmoof also claims that any attempt to remove the tracker will result in destroying the bike in the process.
The only problem is that’s not true.
The tracking module can apparently be removed from the bike with a screwdriver in under 60 seconds.
Digital Trends discovered this when they hired an independent security expert to attempt to circumvent Vanmoof’s technology and steal the unstealable bike.
Armed with a simple Torx screwdriver (something anyone can buy for $6), the security expert was able to pull out the tracker and render the bike untraceable. The alarm wasn’t triggered and the bike remained fully functional. It was as easy as unscrewing the seat post and then removing four security screws underneath the top tube. At that point, the tracker simply slid right out the back of the top tube.
That’s not exactly on par with what Vanmoof had claimed about the robustness of their tracking ability. We reached out to the company for comment but they have not responded as of the time of publishing. We’ll update if we hear back.
Update: Vanmoof posted on Twitter saying that the alarm wasn’t engaged and that Digital Trends did not reach out for a comment before publishing the hacking tutorial. According to Vanmoof:
“They did not reach out to us and ask for comments. If they would we have told them that the Stealth Lock was not engaged while this was filmed. (The alarm would go off immediately if it was engaged). It is false info.”
Vanmoof also claims that the GSM module was designed to be easy to remove so technicians and even owners themselves could work on the bike and replace parts. Digital Trends maintains that this flies in the face of Vanmoof’s previous marketing, which said that “Removing the SIM card from the Smart Bike would be a time-consuming task and by the time a thief had done it not only would we would have probably tracked down the bike, but they would have destroyed the bike in the process.”
As for current owners of a Vanmoof S2, there’s a reason not to worry too much yet. Vanmoof has always claimed that they’ll provide a free replacement if they can’t recover a stolen bike within two weeks. While that was probably meant to bolster their bike hunter service, it could mean the company will providing more free bikes in the future than they originally intended. So even if a thief were to steal an S2 and remove the GSM module, the owner would presumably be getting a new e-bike in a few weeks time.
There’s always an ethical debate about publishing security hacks. In this case, the steps are already public and the company is presumably aware of the issue. Now it is likely best if all Vanmoof S2 owners know about the issue so they can plan accordingly. Grabbing a good second lock wouldn’t be a bad idea!
It is also important to point out that the procedure discovered by Digital Trends only bypasses the anti-theft tracking. A thief would still need to defeat any physical locks placed on the bike to steal it. But that’s the same situation as any other e-bike. What made the Vanmoof S2 special was its ability to always be found and returned if it was stolen.
I guess the part that surprises me most about this whole thing is that the alarm isn’t even triggered by this operation. My best guess is that the bike uses a tilt or motion switch to activate the alarm when locked. Most theft-based activities would jar the bike at least slightly. But removing 5 screws can be done without moving the bike at all, which could explain why the alarm isn’t triggered. But that’s just my guess. (Update: Vanmoof claims the alarm wasn’t activated at the time of the hack. In the company’s response, they point out that the alarm does activate and the rear wheel remains locked. This shows that Digital Trend’s original hack was likely conducted under non-real world conditions, i.e. with the bike unlocked. However, it doesn’t explain why Vanmoof originally claimed that removal of the SIM card would be a lengthy process that would destroy the bike. It also doesn’t solve the problem that a would-be thief could steal the bike, quickly and easily remove the SIM tracker, then take his or her time dismantling and parting out the bike.)
Subscribe to Electrek on YouTube for exclusive videos and subscribe to the podcast.