“It's the responsibility of the companies offering these services to make sure they are secure,” says Jacob Hoffman-Andrews, senior staff technologist at the Electronic Frontier Foundation, a digital rights nonprofit. The bulk of safeguards, however, must come from manufacturers. Munro’s top recommendation for consumers is to not connect their home chargers to the internet, which should prevent the exploitation of most vulnerabilities. The attack ended once the company paid millions of dollars in ransom. The United States glimpsed what such an attack might look like in 2021 when hackers hijacked Colonial Pipeline and disrupted gasoline supplies nationwide. “We’ve inadvertently created a weapon that nation-states can use against our power grid,” says Munro. If a hacker were to switch thousands, or millions, of chargers on or off simultaneously, it could destabilize and even bring down entire electricity networks. They might, for example, plug in after work and schedule the vehicle to charge overnight when prices are lower. Many home users leave their cars connected to chargers even if they aren’t drawing power.
“It’s not about your charger, it’s about everyone’s charger at the same time,” he says. A charger sold in the UK by Project EV allowed researchers to overwrite its firmware.
#Chargers take time out software#
For instance, it identified a software bug in the popular Chargepoint network that hackers could likely exploit to obtain sensitive user information (the team stopped digging before acquiring such data). When British security research firm Pen Test Partners spent 18 months analyzing seven popular EV charger models, it found five had critical flaws. They found everything from the possibility of hackers being able to track users to vulnerabilities that “may expose home and corporate networks to a breach.” Another study, led by Concordia University and published last year in the journal Computers & Security, highlighted more than a dozen classes of “severe vulnerabilities,” including the ability to turn chargers on and off remotely, as well as deploy malware. Johnson and his colleagues summarized known shortcomings in a paper published last fall in the journal Energies. Vulnerabilities in EV charger security aren’t hard to find. Given the dangers, everyone from device manufacturers to the Biden administration is rushing to fortify these increasingly common machines and establish security standards. In recent years, security researchers and white-hat hackers have identified sprawling vulnerabilities in internet-connected home and public charging hardware that could expose customer data, compromise Wi-Fi networks, and, in a worst-case scenario, bring down power grids.
#Chargers take time out install#
As companies, governments, and consumers sprint to install more chargers, the risks could only grow. While such breaches have so far remained relatively innocuous, cybersecurity experts say the consequences would be far more severe at the hands of truly nefarious miscreants. Just this year, the hosts of YouTube channel The Kilowatts tweeted a video showing it was possible to take control of an Electrify America station’s operating system. Around the same time, cyber-vandals in England programmed public chargers to broadcast pornography. At the beginning of the war in Ukraine, hackers tweaked charging stations along the Moscow–Saint Petersburg motorway in Russia to greet users with anti-Putin messages. Such shenanigans are increasingly common.
"It was, unfortunately, not terribly surprising,” Malcolm says of the hack, which he stumbled upon last fall.
0 kommentar(er)
