Researchers from SaiFlow have detailed vulnerabilities affecting electric vehicle (EV) charging stations that could be exploited to cause denial-of-service or trick them into charging vehicles without payment. The vulnerabilities lie in the Open Charge Point Protocol (OCPP) standard.
Note
- Electric Vehicle chargers are more than high power electric outlets. The cable connecting the car to the charger includes data lines to regulate charging and provide metering as well as payment information. It is more like a “very large USB-C” charger in how it combines data and power delivery. This provides an avenue to either attack the charger or the car. In addition, wireless networking may be used as well to interface with mobile devices for payment.
- In 2021 USD 7.5B was allocated over five years to build out EV charging stations and last September the Biden administration launched a grant program to build charging networks along 75,000 miles of interstate highways. That means the focus is going to be on deployment before the money runs out rather than cyber security. While many states are working to require cyber security components as part of approving grants for EV charging stations, this still leaves existing or legacy installations possibly exempted. If providers don’t resolve issues, expect a regulatory body, like NERC, to step in and require it. Regardless, if you’re in the EV charging business, you want to make sure that you’ve got cyber security covered, before your hand is forced.
- This announcement isn’t unexpected as the EV infrastructure continues to build out. Researchers in academia, private sector, and hacking circles will start fully testing the underlying protocols and vulnerabilities will be found. Unfortunately, speed to market often trumps adequate security testing of new technology. We’ve witnessed a similar parallel with vehicle automation. What’s important is that the industry move quickly to close this and other vulnerabilities, as they will be targeted by cybercriminals.
Read more in
- Hijacking EV Charge Points to Cause DoS
- Historic Step: All Fifty States Plus D.C. and Puerto Rico Greenlit to Move EV Charging Networks Forward, Covering 75,000 Miles of Highway
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
