Security News > 2022 > November > Shocker: EV charging infrastructure is seriously insecure

That's what scientists at Sandia National Laboratory in Albuquerque, New Mexico have concluded after four years of looking at demonstrated exploits and publicly-disclosed vulnerabilities in electric vehicle supply equipment, as well as doing their own tests on 10 types of EV chargers with colleagues from Idaho National Lab.

In one case, researchers managed to sniff out and interrupt charging using a software defined radio with less than 1W of power from 47 meters away "On all seven vehicles and 18 EVSEs that they investigated."

EVSE internet interfaces have problems that are easy to guess: They often use insecure web services that can be accessed from a local smartphone or computer, while chargers from several manufacturers can be found on the public internet.

What have we learned? That the EV charging industry seems to have treated cybersecurity the same way as the companies behind the Internet of Things: As an afterthought.

The team also suggested implementing better methods of EV owner authentication, like plug-and-charge public key infrastructure, as well as network intrusion detection systems, code-signed firmware updates and other habits it covers in its charging industry best-practices [PDF] suggstions.

Together, the three are working to develop a system for EV chargers that uses new methods to protect public infrastructure from ne'er-do-wells.

News URL

https://go.theregister.com/feed/www.theregister.com/2022/11/15/ev_charging_infrastructure_sandia/