EV Charger Hacking Poses a ‘Catastrophic’ Risk

/in


Such cracks could conceivably permit hackers to access vehicle data or consumers’ credit card information, says Ken Munro, a cofounder of Pen Test Partners. But perhaps the most worrying weakness to him was that, as with the Concordia testing, his team discovered that many of the devices allowed hackers to stop or start charging at will. That could leave frustrated drivers without a full battery when they need one, but it’s the cumulative impacts that could be truly devastating.

“It’s not about your charger, it’s about everyone’s charger at the same time,” he says. Many home users leave their cars connected to chargers even if they aren’t drawing power. They might, for example, plug in after work and schedule the vehicle to charge overnight when prices are lower. If a hacker were to switch thousands, or millions, of chargers on or off simultaneously, it could destabilize and even bring down entire electricity networks. 

“We’ve inadvertently created a weapon that nation-states can use against our power grid,” says Munro. The United States glimpsed what such an attack might look like in 2021 when hackers hijacked Colonial Pipeline and disrupted gasoline supplies nationwide. The attack ended once the company paid millions of dollars in ransom.

Munro’s top recommendation for consumers is to not connect their home chargers to the internet, which should prevent the exploitation of most vulnerabilities. The bulk of safeguards, however, must come from manufacturers.

“It’s the responsibility of the companies offering these services to make sure they are secure,” says Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, a digital rights nonprofit. “To some degree, you have to trust the device you’re plugging into.”

Electrify America declined an interview request. With regard to the issues Malcolm and the Kilowatts documented, spokesperson Octavio Navarro wrote in an email that the incidents were isolated and the fixes were quickly deployed. In a statement, the company said, “Electrify America is constantly monitoring and reinforcing measures to protect ourselves and our customers and focusing on risk-mitigating station and…

Source…