Tag Archive for: electric

Securing Electric Vehicle Charging Platforms



Spikes in the prices of fossil fuels have provided yet another incentive for consumers to move towards electric vehicles (EVs). Alongside that trend is the pressing requirement to have a charging infrastructure which provides enough capacity to satisfy this need. In this article we will explore how EV charging platforms are being architected and deployed while answering a question seldom asked – what security holes are being opened?


Are EV Charging Platforms Already Being Targeted?

The simple answer to that is yes. Typically, when new digital services such as EV charging come online, there are initially a few attacks, mainly by independent researchers. These gain some publicity, and although any issues raised normally get dealt with by the providers, the scenarios exposed are often described as ‘academic’, so they may be taken seriously from a marketing perspective but not from a technical one.

Although it may sometimes be difficult to see how the early attack vectors which are identified would result in a meaningful gain for a hacker, in my opinion it’s more common than you think that the exposed security hole is real. In other words, even if it is ‘academic’ it is still indicative of non-optimal security practices within the vendor’s operation. As such these reports should absolutely be taken seriously.

Let’s look at some recent examples of reported attacks against EV charging platforms and see what trends emerge:

Source…

Tesla hacker demonstrates how to unlock doors, start the electric motor


Tesla Inc. customers might love the carmaker’s nifty keyless entry system, but one cybersecurity researcher has demonstrated how the same technology could allow thieves to drive off with certain models of the electric vehicles.

A hack effective on the popular S and Y Tesla cars would allow a thief to unlock a vehicle, start the electric motor and speed away, according to Sultan Qasim Khan, principal security consultant at the Manchester, UK-based security firm NCC Group. By redirecting communications between a car owner’s mobile phone, or key fob, and the car, outsiders can fool the entry system into thinking the owner is located physically near the vehicle.

The hack, Khan said, isn’t specific to Tesla, though he demonstrated the technique to Bloomberg News on one of its car models.

Rather, it’s the result of his tinkering with Tesla’s keyless entry system, which relies on what’s known as a Bluetooth Low Energy (BLE) protocol.

There’s no evidence that thieves have used the hack to improperly access Teslas.

The carmaker didn’t respond to a request for comment. NCC provided details of its findings to its clients in a note on Sunday, an official there said.

Khan said he had disclosed the potential for attack to Tesla and that company officials didn’t deem the issue a significant risk. To fix it, the carmaker would need to alter its hardware and change its keyless entry system, Khan said. The revelation comes after another security researcher, David Colombo, revealed a way of hijacking some functions on Tesla vehicles, such as opening and closing doors and controlling music volume.

BLE protocol was designed to conveniently link devices together over the internet, though it’s also emerged as a method that hackers exploit to unlock smart technologies including house locks, cars, phones and laptops, Khan said.

NCC Group said it was able to conduct the attack on several other carmakers and technology companies’ devices.

Kwikset Corp. smart locks that use keyless systems with iPhone or Android phones are impacted by the same issue, Khan said. Kwikset said that customers who use an iPhone to access the lock can switch on two-factor authentication in the lock app. A…

Source…

HSB Cyber Survey Finds Electric Vehicles Drive Data Security Fears


HARTFORD, Conn.–(BUSINESS WIRE)–Mar 2, 2022–

Small business owners are adding electric vehicles to their service fleets, a survey released today by HSB reports, but they worry about cyber security when connecting them to public charging stations.

The HSB poll conducted by Zogby Analytics found 15 percent of small and medium-size businesses had leased or purchased electric vehicles (EVs) for commercial use.

Three-quarters (76 percent) of those business owners and managers were concerned EV charging stations could be a target for hackers, ransomware, and other cyber-attacks.

“The technology is advancing swiftly and there is a growing need to focus on the cyber security of electric vehicles,” said Timothy Zeilman, vice president for HSB, part of Munich Re. “With the rush to make the switch to electric cars and trucks, owners and the EV industry should step up their efforts to protect vehicles and charging infrastructure from cyber-attacks.”

EV Chargers Could Add to Cyber Risks

The plug-in electric chargers communicate with vehicles through an internet connection and security experts warn the systems could be hacked.

These potential threats add to the concerns of small business owners, who were already worried about the cyber security of their commercial vehicles.

The HSB survey found almost half (46 percent) were somewhat or very concerned about the cyber exposures and safety of internet connected and automated vehicles.

Commercial Vehicles Vulnerable to Attacks

When asked about their own experience, 13 percent of the business owners and managers said that at some point, a computer virus, hacking incident, or other cyber-attack had damaged or otherwise affected their commercial vehicles.

Overall, 44 percent of those responding to the poll said they fear that malware or another cyber-attack will damage or destroy their vehicles’ data, software, or operating systems.

Most of them (56 percent) are somewhat or very concerned their vehicles could be immobilized or made inoperable, their safety compromised (54 percent), and that a hacker could communicate and confront them over their audio system (43 percent).

Survey Methodology

Zogby Analytics surveyed 504 decision makers at small and…

Source…

Despite years of preparation, Ukraine’s electric grid still an easy target for Russian hackers


“If Russia wants to take down the Ukrainian electric system, I have full confidence that they can, and the Ukrainian playbook in many ways is in a place where prevention’s not going to happen,” Robert M. Lee, CEO and co-founder of cybersecurity group Dragos, said in an interview. He argued corruption and economic barriers in Ukraine have gotten in the way of hardening the electric grid. The Ukrainian Embassy in Washington, D.C., did not respond to a request for comment.

President Joe Biden said Friday that the U.S. has every indication that Russian leader Vladimir Putin has decided to invade “in the coming days.” His warning came after a senior U.S. official estimated that Russia had lined up 169,000 to 190,000 fighters for the invasion, in “the most significant military mobilization in Europe since the Second World War.”

Alongside a physical invasion, Putin could marshal the full array of cyber and disinformation tools that it has inflicted on targets around the world during the past decade, including the U.S. And the electric grid is a ripe target.

Ukraine has repeatedly served as a laboratory for these kinds of attacks since Russia’s invasion and seizure of its Crimea region in 2014.

The first example came almost seven years ago, when three Ukrainian power stations went dark for six hours in the middle of winter, blacking out Kyiv and a large swathe of Western Ukraine. The hackers — identified by U.S. officials as Russian — tunneled inside the plants’ controls and opened breakers to prevent power flow. On top of that, they locked out power station employees from their accounts so they couldn’t respond to the attack, and overwhelmed the power stations’ call centers with a barrage of malicious online traffic — making it difficult for customers to report outages.

One year later, in 2016, Russian hackers went one step further and tried to disable the transmission equipment by overloading controls with internet activity, which would have made it unsafe for workers to manually restore power, according to a report from Dragos. The attack left portions of Kyiv in the dark for more than an hour — and even though the attackers failed to fully incapacitate…

Source…