Hackers Reveal EV Charge Security Flaws
Thursday, 19. August 2021
Software experts have discovered numerous security flaws with a range of smart electric vehicle (EV) chargers.
They were able to remotely switch the chargers on and off, remove the owner’s access and lock or unlock the charging cable.
Devices from Wallbox and Project EV – both approved for sale in the UK by the Department for Transport – were found to be “lacking adequate security” by researchers at Pen Test Partners.
Speaking to the BBC, Vangelis Stykas, a cyber-security researcher, said: “On Wallbox you could take full control of the charger, you could gain full access and remove the usual owner’s access on the charger. You could stop them from charging their own vehicles, and provide free charging to an attacker’s vehicle.
“Project EV had a really bad implementation on their back end. Their authentication where it existed was pretty primitive, so an attacker could easily escalate themselves to being an administrator and change the firmware of all the chargers.”
He says changing the programming on the device would allow an attacker to permanently disable the charger, or use it to attack other chargers or servers.
Hackers could also infiltrate a home network, in cases where the chargers were connected by Wi-Fi.
Pen Test Partners believes that multiple chargers could also be controlled at the same time using some of the vulnerabilities it found, which could potentially be used by an attacker to overload the electricity grid in some areas and cause blackouts.
The company assessed charging units from Project EV, Wallbox, EVBox, EO Hub, Rolec and Hypervolt.
Most of the faults have now been addressed, however charge point owners are advised to install the latest software updates to the devices. By Graham Hill thanks to Fleet News