
Zero Days: Electric Motorcycles Are a Security Nightmare

I recently started riding a motorcycle in the last 2 years. One of my favorite aspects of motorcycles is how easy it is to find a solid 30-year-old bike that still runs well and costs less than $5k. You can still buy parts for it… 30 _years_ later. Nothing else in my life shares that quality. I can continue repairing them and keep them running, which is a fun little hobby.

I really want to like the idea of electric motorcycles, but I have very low confidence that they would be built for the long term. Having to worry about software and security makes me even less excited.

17 hours ago bicx

Blows my mind how you can buy a new gas motorcycle for the price of an ebike. And the thing with the ebike is it is built nothing like a motorcycle. Feels like the cheapest Chinese part bike with the cheapest drivetrain they could source. A motorcycle the parts are like heavy, milled metal, the thing seems solid and well built, well, you probably know what I mean about motorcycles. Seems like you get a lot for your $5k in comparison to ebike market. I guess that is true for road bikes that aren’t even electric too. Somehow those also cost as much as motorcycles. Why buy a Campagnolo when you can buy a Ducati?

4 hours ago kjkjadksj

For $600 I bought a dual motor 1500w ebike that can haul my overweight self up a steep incline without pedalling. It tops out at 35mph. As long as I pedal along with it and stay at a sane speed I can ride 40-60 miles on a charge and still have enough juice for the last push uphill home.

It's not really an ebike, it's an e-moped at worst, and I'm glad that my locality doesn't have strong laws about it because it's fun, but I could also see how dangerous it could be in the hands of an amateur or thrill seeking rider.

2 hours ago BizarroLand

I guess you can build electric motorcycles as a security nightmare, though my ebike which is basically a less powerful two wheels and electric motor can't be hacked online as it has no app, internet connection or anything like that. Also my old petrol motorcycles. I don't know if people really want the internet connected bit?

8 hours ago tim333

A direct email from Zero Motorcycles to owners probably as a result of this blog post:

SUBJECT: Firmware Release & Ongoing Security Measures

Dear Zero Owners,

March 25th Firmware Update (BMU V20)

On the morning of March 25th, as part of our ongoing improvements, we released a firmware update for select 2022+ Zero models that improves the accuracy of the battery state-of-charge and range display. This update addresses a condition where, over time, the system could overestimate available charge, which in rare cases could lead to the motorcycle shutting down before the display reaches 0%. Following installation, some riders may notice a lower battery percentage or reduced range estimate. This is expected and reflects corrected, more accurate readings — actual riding range is not affected.

See details at zeromotorcycles.com/firmware.

Ongoing Security Enhancements

Separately, we recently became aware of potential issues in our motorcycles’ firmware and are taking steps to address them with your safety and security in mind. This work is ongoing, and we remain committed to strengthening system protections across our platform.

We understand how important trust and dependability are when you ride. Thank you for your continued support.

Sincerely,

The Zero Motorcycles Team

7 hours ago usui

Somehow I'm not surprised that Zero's software is terrible. I don't think being new has anything to do with it, they are just that type of company.

20 hours ago orbital-decay

That's a really nice article. I don't typically read security exploit posts but it was pretty interesting.

In the section about possible attacks, it wasn't clear if those three options represented the worst things you could do or just possible ideas. It seemed to me that locking the throttle to maximum would be worse.

21 hours ago stevage

Killswitch is still physical, so I guess unless that's in the bad conditions and, say, in a curve..... But yeah, killing bad.

19 hours ago subscribed

Seems like the Zero in Zero Motorcycles stands for the security

4 hours ago Orygin

Firmware not being signed by certificates in 2026 is wild.

14 hours ago throwawaypath

Firmware should not have to be signed. It's a user hostile practice to prevent people from owning their machines. The real problem is the online update. Put the firmware on an SD card.

an hour ago somat

Fair to say that motorcyclists are risk-on people.

8 hours ago ForHackernews

Cool article. Take out the dumb proselytizing about AI use, it’s totally out of place.

21 hours ago Our_Benefactors

It's the new performative "acknowledgment."

A shame because the rest of this is quite technically interesting.