Researchers Expose WHILL Wheelchair Safety Risks via Remote Hacking

Security researchers have demonstrated a critical vulnerability in high-tech electric wheelchairs that allows for unauthorized remote control, highlighting new safety risks for connected mobility devices.

On December 30, the US cybersecurity agency CISA published an advisory to inform the public about a serious vulnerability discovered by researchers in electric wheelchairs made by WHILL, a Japan-based company whose personal electric mobility devices are sold around the world.

According to CISA’s advisory, WHILL Model C2 and Model F electric wheelchairs are affected by a missing authentication vulnerability. The issue is tracked as CVE-2025-14346 and it has been assigned a critical severity rating.

CISA said the WHILL wheelchairs did not enforce authentication for Bluetooth connections, allowing an attacker who is in Bluetooth range of the targeted device to pair with it. The attacker could then control the wheelchair’s movements, override speed restrictions, and manipulate configuration profiles, all without requiring credentials or ...