Logo
ScienceStack
Table of Contents
Fetching ...
Sign In

Nyon Unchained: Forensic Analysis of Bosch's eBike Board Computers

Marcel Stachak, Julian Geus, Gaston Pugliese, Felix Freiling

TL;DR

This study conducts a forensic examination of Bosch Nyon eBike board computers across two generations (2014 and 2021). It develops a data acquisition methodology tailored to feature-rich, restricted devices and demonstrates how data can be retrieved via OS-based access (2014) or chip-off extraction (2021) despite encryption. The analysis uncovers extensive forensically relevant traces including GPS tracks, cycling metrics, user profiles, Wi‑Fi and Bluetooth artifacts, and even data tampering capabilities on the older model. The work highlights the forensic value of specialized mobile embedded devices, informs practitioners about practical acquisition strategies, and reports a coordinated disclosure with Bosch regarding security findings. Future work includes extending cloud/app data analysis and evaluating a broader set of eBike devices.

Abstract

Modern eBike on-board computers are basically small PCs that not only offer motor control, navigation, and performance monitoring, but also store lots of sensitive user data. The Bosch Nyon series of board computers are cutting-edge devices from one of the market leaders in the eBike business, which is why they are especially interesting for forensics. Therefore, we conducted an in-depth forensic analysis of the two available Nyon models released in 2014 and 2021. On a first-generation Nyon device, Telnet access could be established by abusing a design flaw in the update procedure, which allowed the acquisition of relevant data without risking damage to the hardware. Besides the user's personal information, the data analysis revealed databases containing user activities, including timestamps and GPS coordinates. Furthermore, it was possible to forge the data on the device and transfer it to Bosch's servers to be persisted across their online service and smartphone app. On a current second-generation Nyon device, no software-based access could be obtained. For this reason, more intrusive hardware-based options were considered, and the data could be extracted via chip-off eventually. Despite encryption, the user data could be accessed and evaluated. Besides location and user information, the newer model holds even more forensically relevant data, such as nearby Bluetooth devices.

Nyon Unchained: Forensic Analysis of Bosch's eBike Board Computers

TL;DR

This study conducts a forensic examination of Bosch Nyon eBike board computers across two generations (2014 and 2021). It develops a data acquisition methodology tailored to feature-rich, restricted devices and demonstrates how data can be retrieved via OS-based access (2014) or chip-off extraction (2021) despite encryption. The analysis uncovers extensive forensically relevant traces including GPS tracks, cycling metrics, user profiles, Wi‑Fi and Bluetooth artifacts, and even data tampering capabilities on the older model. The work highlights the forensic value of specialized mobile embedded devices, informs practitioners about practical acquisition strategies, and reports a coordinated disclosure with Bosch regarding security findings. Future work includes extending cloud/app data analysis and evaluating a broader set of eBike devices.

Abstract

Modern eBike on-board computers are basically small PCs that not only offer motor control, navigation, and performance monitoring, but also store lots of sensitive user data. The Bosch Nyon series of board computers are cutting-edge devices from one of the market leaders in the eBike business, which is why they are especially interesting for forensics. Therefore, we conducted an in-depth forensic analysis of the two available Nyon models released in 2014 and 2021. On a first-generation Nyon device, Telnet access could be established by abusing a design flaw in the update procedure, which allowed the acquisition of relevant data without risking damage to the hardware. Besides the user's personal information, the data analysis revealed databases containing user activities, including timestamps and GPS coordinates. Furthermore, it was possible to forge the data on the device and transfer it to Bosch's servers to be persisted across their online service and smartphone app. On a current second-generation Nyon device, no software-based access could be obtained. For this reason, more intrusive hardware-based options were considered, and the data could be extracted via chip-off eventually. Despite encryption, the user data could be accessed and evaluated. Besides location and user information, the newer model holds even more forensically relevant data, such as nearby Bluetooth devices.
Paper Structure (48 sections, 7 figures, 1 table)

This paper contains 48 sections, 7 figures, 1 table.

Table of Contents

  1. Introduction
  2. Related Work
  3. Contributions
  4. Outline
  5. Bosch Nyon Computers
  6. Bosch Nyon 2014
  7. Bosch Nyon 2021
  8. Smartphone App and Web Service
  9. Data Acquisition Methodology
  10. Manual Acquisition
  11. OS-based Acquisition
  12. Hardware-based Acquisition
  13. Forensic Analysis of the Nyon 2014
  14. Data Acquisition
  15. Manual Acquisition
  16. ...and 33 more sections

Figures (7)

  • Figure 1: Bosch Nyon computers (© Robert Bosch GmbH).
  • Figure 2: Main logic board (MLB) of the Nyon 2014 highlighting the CPU, DRAM, and a possible debug interface.
  • Figure 3: Main logic board (MLB) of the Nyon 2021 highlighting the CPU, DRAM, a possible debug interface, and eMMC.
  • Figure 4: Screenshots of the eBike Connect app.
  • Figure 5: Dashboard of Nyon 2014.
  • ...and 2 more figures