WHILL electric wheelchairs vulnerable to remote bluetooth hijacking
Take action: If you are using WHILL wheelchairs, they may be vulnerable to hijacking. Review the advisory and contact WHILL Inc. to confirm your wheelchair has the December 29, 2025 firmware update installed.
Learn More
WHILL Inc. reports a security flaw in its Model C2 and Model F electric wheelchairs that allows attackers to hijack the devices if they are within Bluetooth range.
The flaw is tracked as CVE-2025-14346 (CVSS score 9.8) - Missing authentication for critical functions in Bluetooth communication. The wheelchairs do not check for identity during Bluetooth pairing. An attacker can pair with the chair and send movement commands without any verification which device is pairing to the wheelchair. Attackers can also ignore speed limits and change how the chair works.
WHILL pushed out fixes on December 29, 2025. The new firmware stops people from changing speed settings through the mobile app without permission. It also stops the chair from accepting unlock commands while it is moving. To protect data, the company now hides configuration files in a binary format on Android and iOS apps.
Users should reach out to WHILL Inc. to get the latest security patches.
