T-Mobile is Warning that a data breach has exposed the names, date of birth, Social Security number and driver’s license/ID information of more than 40 million current, former or prospective customers who applied for credit with the company. Get Secured Now with Norton 360
U.K. cybersecurity company Pen Test Partners has identified several vulnerabilities in the APIs of six home electric vehicle charging brands and a large public EV charging network. While the charger manufacturers resolved most of the issues, the findings are the latest example of the poorly regulated world of Internet of Things devices, which are poised to become all but ubiquitous in our homes and vehicles.
Vulnerabilities were identified in the API of six different EV charging brands — Project EV, Wallbox, EVBox, EO Charging’s EO Hub and EO mini pro 2, Rolec and Hypervolt — and public charging network Chargepoint. Security researcher Vangelis Stykas identified several security flaws among the various brands that could have allowed a malicious hacker to hijack user accounts, impede charging and even turn one of the chargers into a “backdoor” into the owner’s home network.
The consequences of a hack to a public charging station network could include theft of electricity at the expense of driver accounts and turning chargers on or off.
Some EV chargers used a Raspberry Pi compute module, a low-cost computer that’s often used by hobbyists and programmers.
“The Pi is a great hobbyist and educational computing platform, but in our opinion it’s not suitable for commercial applications as it doesn’t have what’s known as a ‘secure bootloader,’” Pen Test Partners founder Ken Munro told TechCrunch. “This means anyone with physical access to the outside of your home (hence to your charger) could open it up and steal your Wi-Fi credentials. Yes, the risk is low, but I don’t think charger vendors should be exposing us to additional risk.”
The hacks are “really fairly simple,” Munro said. “I can teach you to do this in five minutes,” he added.
The company’s report, published this past weekend, touched on vulnerabilities associated with emerging protocols like the Open Charge Point Interface, maintained and managed by the EVRoaming Foundation. The protocol was designed to make charging seamless between different charging networks and operators.