CVE-2025-14346
WHILL · WHILL Model C2 Electric Wheelchairs and Model F Power Chairs
Executive summary
A critical vulnerability exists in WHILL Model C2 and Model F electric wheelchairs that allows a nearby attacker to connect to the device via Bluetooth without authentication. This allows the attacker to take complete control of the wheelchair's movement and speed, posing a direct and severe physical safety risk to the user. Immediate patching is required to prevent potential harm and exploitation.
Vulnerability
The affected WHILL wheelchair models do not implement any authentication mechanism for their Bluetooth Low Energy (BLE) services. An attacker within Bluetooth range (typically 10-100 meters) can scan for, connect to, and pair with a vulnerable device without requiring a PIN, password, or any interaction from the user. Once paired, the attacker can send malicious commands to control the device's motors, override pre-configured speed limits, and modify user configuration profiles, effectively hijacking the wheelchair.
Business impact
This vulnerability is rated as critical severity with a CVSS score of 9.8 due to the high potential for direct physical harm to users. Exploitation of this flaw could lead to serious injury or death, resulting in significant legal liability, regulatory fines, and severe reputational damage for any organization responsible for these devices (e.g., healthcare facilities, assisted living centers, or equipment providers). Because no authentication is required, any threat actor in physical proximity can carry out the attack with minimal technical skill.
Remediation
Immediate Action: Apply the latest firmware updates provided by the vendor to all affected WHILL Model C2 and Model F devices without delay. After patching, verify that the update has been applied successfully and that the vulnerability is remediated.
Proactive Monitoring: Monitor the physical environment for suspicious activity, such as individuals attempting to interact with the devices electronically. If the devices generate connection logs, review them for unauthorized or unexpected Bluetooth pairing events, especially from unknown devices or at unusual times.
Compensating Controls: If patching cannot be performed immediately, implement the following controls:
- Disable the Bluetooth feature on the wheelchair if it is not required for essential operation.
- Instruct users to turn off the device completely when not in use.
- Restrict the use of these devices to physically secure and trusted environments where unauthorized individuals cannot get within Bluetooth range.
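The monitoring guidance above asks operators to review any connection logs the devices produce for pairing events from unknown peers or at unusual times. The script below is an added example of that review, not code from WHILL or from this advisory. It assumes a simple hypothetical log format (timestamp, model, peer Bluetooth address, result), since the page does not document the devices' actual log format; the allowlist of known peer addresses, the operating-hours window and the sample log lines are all constructed for illustration.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time

# ASSUMED log format (hypothetical; the real WHILL log format is not documented on this page):
#   <ISO-8601 timestamp> PAIR <device model> peer=<Bluetooth address> result=<ok|fail>
LOG_LINE = re.compile(
    r"^(?P<ts>\S+) PAIR (?P<model>\S+) peer=(?P<peer>[0-9A-F:]{17}) result=(?P<result>\w+)$"
)

# Allowlist of peers that are expected to pair with the chairs (constructed sample values,
# e.g. the facility's own issued tablets or caregiver phones).
KNOWN_PEERS = {"AA:BB:CC:00:00:01", "AA:BB:CC:00:00:02"}

# Window in which pairing activity is expected (assumption: 07:00 to 20:00 local time).
OPEN_FROM, OPEN_UNTIL = time(7, 0), time(20, 0)


@dataclass(frozen=True)
class Alert:
    timestamp: str   # ISO-8601 timestamp of the pairing event
    model: str       # device model as recorded in the log
    peer: str        # Bluetooth address of the pairing peer
    reasons: tuple   # why this event was flagged


def parse_line(line):
    """Parse one log line into a dict, or return None for lines that do not match."""
    m = LOG_LINE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.fromisoformat(rec["ts"])
    return rec


def review_pairing_log(lines, known_peers=KNOWN_PEERS):
    """Return an Alert for every pairing event from an unknown peer or outside operating hours.

    Every pairing event is considered, whether or not the log marks it as successful,
    because on an unpatched device any pairing attempt is an unauthorized connection.
    """
    alerts = []
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue  # not a pairing record in the assumed format
        reasons = []
        if rec["peer"] not in known_peers:
            reasons.append("unknown peer")
        if not (OPEN_FROM <= rec["ts"].time() <= OPEN_UNTIL):
            reasons.append("outside operating hours")
        if reasons:
            alerts.append(Alert(rec["ts"].isoformat(), rec["model"], rec["peer"], tuple(reasons)))
    return alerts


def peers_by_alert_count(alerts):
    """Count alerts per peer so that one address touching several chairs stands out."""
    return Counter(a.peer for a in alerts).most_common()


# Constructed sample log: two expected pairings, one unknown peer during the day,
# one known peer at night, one unknown peer at night, and one malformed line.
SAMPLE_LOG = """\
2025-03-04T09:15:02 PAIR ModelC2 peer=AA:BB:CC:00:00:01 result=ok
2025-03-04T13:40:11 PAIR ModelF peer=AA:BB:CC:00:00:02 result=ok
2025-03-04T14:02:37 PAIR ModelC2 peer=DE:AD:BE:EF:12:34 result=ok
2025-03-05T02:17:45 PAIR ModelC2 peer=AA:BB:CC:00:00:01 result=ok
2025-03-05T03:05:09 PAIR ModelF peer=DE:AD:BE:EF:12:34 result=ok
this line is not a pairing record
"""

if __name__ == "__main__":
    found = review_pairing_log(SAMPLE_LOG.splitlines())
    for a in found:
        print(f"{a.timestamp} {a.model} peer={a.peer}: {', '.join(a.reasons)}")
    print("alerts per peer:", peers_by_alert_count(found))
```

Run against the constructed log, the review flags three events: the daytime pairing from the unknown address, the night-time pairing from a known address, and the night-time pairing from the unknown address, with the unknown address ranked first because it appears on both a Model C2 and a Model F. Adapt the regular expression and the allowlist to whatever the devices actually record; the point is that every pairing record is checked against an explicit list of expected peers and an expected time window, so that the absence of authentication on the device is at least partly compensated by review after the fact.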
Exploitation status
Public Exploit Available: false
Analyst recommendation
Due to the critical CVSS score of 9.8 and the direct threat to human safety, this vulnerability must be treated as the highest priority. We strongly recommend that all affected WHILL wheelchairs are identified and patched immediately. Until all devices are updated, the recommended compensating controls, particularly disabling Bluetooth functionality, should be strictly enforced to mitigate the immediate risk of physical harm.