Researchers Demonstrate Remote Hijacking of WHILL Wheelchairs via Bluetooth

Researchers have demonstrated the remote takeover of WHILL wheelchairs via Bluetooth. The Cybersecurity and Infrastructure Security Agency (CISA) issued an advisory (ICSMA-25-364-01) indicating that these wheelchairs do not require authentication for Bluetooth connections. An attacker within range can pair with the device without credentials or user interaction, then control movements, bypass speed limits, and modify configuration profiles. No CVE vulnerability is mentioned. The impact includes physical risk to users.