Hackers already infiltrate EV chargers. It could only get worse.
grist.org
Most intrusions have been innocuous, but a nefarious plot could bring down the grid. Experts have suggestions for improving the security of EV chargers.

one featured a picture of President Biden pointing his finger, with an “I did that!” caption. the hosts of The Kilowatts tweeted a video showing it was possible to take control of an Electrify America station’s operating system. cracks could conceivably permit hackers to access vehicle data or consumers’ credit card information

  • Veltoss@lemmy.worldEnglish
    61·
    1 year ago

    As bad as this may seem, and not to try to downplay it, this seems like a good time to remind people that this kind of vulnerability isn’t limited to cars charging at public spaces. Any time you connect devices to anything in a space you don’t control, you’re vulnerable. That goes for public wifis (many of which are just businesses farming your data + hacker risks), and public charging stations that could have compromised chargers with malware.

    • Earthwormjim91@lemmy.worldEnglish
      12·
      1 year ago

      Also, people have been putting skimmers and other things on gas pumps for a loooong time and stealing credit cards.

      • PlaidBaron@lemmy.worldEnglish
        1·
        1 year ago

        Can confirm. I had my CC skimmed at a gas pump before I bought my EV.

        The thing is, I have only used public chargers maybe 10 times total. 99% of the time I plug it in at home where I know no one is gonna steal my CC number.

    • Name is Optional@lemmy.worldEnglish
      2·
      1 year ago

      My mom always told me I should clean public toilet seats before I sat down, otherwise I’d get an STD or something worse.

  • Wr4ith@lemmy.worldEnglish
    27·
    1 year ago

    As awful as it is, this should be a wake up call that systems need to be protected and security can’t be an afterthought. Ev charging stations just be money trees for corporate groups to set and forget without consequences.

    I don’t feel bad at all for them. I will say that the political jab is absolutely trash tier though. What kind of mongoloid berates proponents of clean energy (rhetorical).

    • Gellis12@lemmy.caEnglish
      16·
      1 year ago

      I mean, the one and only reason they exist was because Volkswagen got caught cheating diesel emissions tests. As part of their punishment, they were required to create an ev charging network, and it seems they’ve been dragging their heels the whole time, trying to make it fail.

      • Kalkaline @lemmy.oneEnglish
        21·
        1 year ago

        They work reasonably well, and with our ID.4 it comes with 3 years of free 30 min charging sessions with E.A. That got us from Dallas to California and back.

  • AlternateRoute@lemmy.caEnglish
    91·
    1 year ago

    You mean like all the cars skimmers already found at pay at the pump systems or ATMs? Shocking.

    Recalls that at least one brand of EV charger has no screens or keypads and works completely off vehicle hand shake or app unlock, has high uptime from constant monitoring… Can’t remember the name… hmm

    • Funwayguy@lemmy.worldEnglish
      3·
      1 year ago

      Expecting all network operators to do that is not feasible or reliable. Tesla controls the car, protocol, charger, and payment processing. Everyone else outside the walled garden is openly handling a much bigger market with many more variables in more countries. Forcing customers to use an app for each brand of charger is also an accessibility nightmare. Fear mongering about skimmers is a dumb reason to remove traditional payment methods.

      This is all before we get to the lack of screen or keypad means fuck all to security (it’s also an accessibility issue to remove them). If I can break into a Tesla charger wirelessly and fuck with your car, I’m going to do it, walled garden or not. Just look at the state of IoT.

      EDIT: This comment aged well https://thedriven.io/2023/07/18/tesla-supercharger-spotted-with-credit-card-reader/

      • AlternateRoute@lemmy.caEnglish
        3·
        1 year ago

        Tesla controls the car, protocol, charger, and payment processing.

        They support CCS as the protocol

        Everyone else outside the walled garden is openly handling a much bigger market with many more variables in more countries.

        Tesla has more cars than just about all the rest of the market… Name a charing provider that operates in a country tesla does not?

        Forcing customers to use an app for each brand of charger is also an accessibility nightmare.

        Funny enough a large number of these charging providers require that ON TOP of having poor monitoring and security for the charging terminals.

        Fear mongering about skimmers is a dumb reason to remove traditional payment methods.

        Didn’t really suggest removing them, I pointed out it is already an issue at nearly all gas stations. Not a new problem.

        If I can break into a Tesla charger wirelessly and fuck with your car

        Already started to happen with ICE cars back in 2015 are already vulnerable to wireless exploit, no charging network or gas station needed. At least with a Tesla you get quick wireless security updates, no waiting for a recall notice and trip back to the dealer.

        • Funwayguy@lemmy.worldEnglish
          3·
          1 year ago

          They support CCS as the protocol

          CCS is is only supported through a PLC translation chip on the vehicle side or a rare Magic Dock adaptor, and only when one side is non-Tesla. Outside of that, CCS is not a factor and the proprietary 11bit CAN bus protocol is used natively. Hence, Tesla controls every side of the equation on their protocol and payment processing without having to communicate with 3rd parties.

          Name a charging provider that operates in a country tesla does not?

          ABB chargers in India

          Tesla you get quick wireless security updates, no waiting for a recall notice and trip back to the dealer.

          This isn’t new or innovative. OTA updates for cars have been around years before EVs. But usually those don’t stop the car from starting then still be towed to said dealer because the update wasn’t properly tested or have fallbacks in case of failure.

          Point is, shit is going to happen across the board for everyone and Tesla is NOT some golden child. It’ll just be another Apple case where dumb security claims get touted until hackers bring them down a peg or two.

          • AlternateRoute@lemmy.caEnglish
            1·
            1 year ago

            CCS is is only supported through a PLC translation chip on the vehicle side or a rare Magic Dock adaptor, and only when one side is non-Tesla.

            In the US, in Europe they have the CSS2 plug, and owners of other cars can use the Tesla App to charge at super chargers. (if we are talking globally not just NA)

            ABB chargers in India

            The do have superchargers there, but they aren’t active due to the hang up of selling cars there. Would argue that Tesla operates a reliable charging network in more countries than any other charging network does currently.

            Point is, shit is going to happen across the board for everyone

            Yep, it just sounded like you were suggesting this was an EV thing or a Tesla thing… It isn’t everyone needs to do better at security.

            Going back to the main topic. It seems odd that so many “dedicated” charging providers SUCK at being charging providers.

    • WarmSodaEnglish
      4·
      1 year ago

      I don’t know. If a hacker in a 90’s movie did this it would a cool trick to impress everyone. He’d tell everyone about it in his introduction speech, and later on he’d do it in the background for comedy relief.