Home car chargers at risk from hackers

Posted: July 31, 2021 by oldbrew in Batteries, Travel, Uncertainty
Tags:

homechargeEven local electricity blackouts could be on the cards for determined hackers, it seems. A far cry from rolling up at the local filling station for a few minutes.
– – –
Security researchers have discovered failings in two home electric car chargers, reports BBC Click.

The researchers were able to make the chargers switch on or off, remove the owner’s access, and show how a hacker could get into a user’s home network.

Most of the faults have now been fixed but owners are being told to update their apps and chargers, to be safe.

It comes as proposed new legislation on cyber-security for appliances – including chargers – is published.

Two home chargers, Wallbox and Project EV – both approved for sale in the UK by the Department for Transport – were found to be lacking adequate security when used with an accompanying app for smartphones.

Cyber-security researcher at Pen Test Partners, Vangelis Stykas, discovered the vulnerabilities.

“On Wallbox you could take full control of the charger, you could gain full access and remove the usual owner’s access on the charger. You could stop them from charging their own vehicles, and provide free charging to an attacker’s vehicle.

“Project EV had a really bad implementation on their back end. Their authentication where it existed was pretty primitive, so an attacker could easily escalate themselves to being an administrator and change the firmware of all the chargers.”

Mr Stykas says changing the firmware – the programming that is built in to the hardware – would allow an attacker to permanently disable the charger, or use it to attack other chargers or servers.
. . .
Home Network Access

Researchers also found it would be possible in cases where the chargers were connected by wi-fi to the home network, for hackers to also gain access.

Pen Test Partner’s Ken Munro says: “Once you’re on to someone’s home network, if you haven’t changed that router admin password, you can send all the traffic to the hacker.

“That means they can do things like set up sites that look like the real deal but steal your passwords and then your real bank account for example has been compromised. There’s all sorts of things you can do .. so everything you do online is potentially exposed.”

In its report into the security failures, Pen Test Partners adds that multiple chargers could be controlled at the same time using some of the vulnerabilities it found, which could potentially be used by an attacker to overload the electricity grid in some areas and cause blackouts.

Full report here.

Comments
  1. SasjaL says:

    No surprise! Anything connected to the can be hacked (act. cracked), but not that many realize that.

  2. ivan says:

    Typical IoT (internet of things) stupidity. Why would a battery charger need internet connectivity in the first place?

    I suppose the E-car enthusiasts have all forgotten the KISS principle of engineering, after all it is too simple to just plug the charger in to the car, turn the power on and wait for it to charge the battery and then switch off when finished.

    I assume the idea of the charger being an IoT item is to allow the electricity supplier to monitor power usage and limit supply if necessary especially when the wind isn’t blowing and the real power plants have shut down.

  3. oldbrew says:

    ivan – the wi-fi is also for the smartphone to talk to the charger.
    – – –
    Why this kind of hacking is only a problem for the few…

    Paris climate goals at risk if only rich countries adopt electric cars

    Part of the problem is that global automakers design their cars, vans and motorcycles to win over well-heeled customers in the West, largely ignoring the needs of potential buyers in poorer markets

    Bloomberg
    Last Updated at July 31, 2021

    https://www.business-standard.com/article/international/paris-climate-goals-at-risk-if-only-rich-countries-adopt-electric-cars-121073100547_1.html
    – – –
    This is cheap by EV standards. Only 2 wheels of course…

    https://www.e-scooter.co/honda-ev-cub/

  4. Gamecock says:

    Why can’t we have nice things?

    BTW, home car chargers are at risk from vandals, too.

  5. JB says:

    What is this rage of having every electronic machine tied to a com network?
    Ever looked for a simple microwave oven with just 2 knobs instead of all that keyboard razzle-dazzle? If you can find one, it costs as much as mid-range priced ovens.

    I keep waiting (fruitlessly) for people to realize “smart” machines carry their own seeds of failure. Maybe it will take a full on, nasty CME to wise people up.

  6. ivan says:

    oldbrew, I gathered that as it is a ‘feature’ of IoT things, but why people would want their phone to talk with the charger beats me.

  7. Gamecock says:

    What do you do if you catch your charger talking to your refrigerator ?!?!

  8. Graeme No.3 says:

    Gamecock:
    Wouldn’t do the charger any good, she’s frigid.

  9. oldbrew says:

    ivan – re. ‘why people would want their phone to talk with the charger’, it would be to start or end a car charge remotely, or maybe check on its progress.

  10. It doesn't add up... says:

    Phone apps would be used to select a whole range of parameters – how much charge to take, whether to charge at a faster rate and other battery management parameters, whether to charge according to price, making sure sufficient for a long journey, whether to offer V2G etc., etc. Charging cars is going to get complicated.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s