Powerful and seriously flawed chargers have "inadvertently created a cyber weapon."
Electric car charging stations and smart home chargers are extremely vulnerable to cyberattacks, according to new research by security consulting firm Pen Test Partners.
The researchers tested six brands of home chargers as well several publicly available charging networks and found some glaring flaws in most of them — symptomatic of a serious gap in consumer protection regulations.
The problems arise from home chargers that are designed to allow users to monitor the state of their vehicles from a distance via an app.
“We found vulnerabilities that allowed account hijack of millions of smart EV chargers,” Pen Test Partners‘ blog reads.
As a result, the — fortunately — white hat hackers were able to remotely override user functionalities and turn charging off and on from a distance.
In even more egregious instances, the researchers were able to “back door” their way into EV owners’ entire home networks, allowing them potential access over other devices in the home.
Some brands of home chargers even made use of Raspberry Pi modules, which are cheap off-the-shelf single board computers.
“We love the Pi, but in our opinion, it’s not suitable for commercial use in public devices as it is very difficult to fully secure it against the recovery of stored data,” the researchers wrote.
As for the public chargers, the team found that thanks to their ability to remotely turn chargers on and off, the network’s cybersecurity flaws could be turned into “a cyber weapon that others could use to cause widespread power cuts.”
It’s a worrisome trend that’s bound to end in consumer information being hijacked — and at worst, leading to larger structural issues. But regulators have a chance to ensure it never comes to that in the future.
READ MORE: EV charging security is a shit show [The Next Web]
More on EV charging: Electric Cars Have One Problem: They Keep Lighting People’s Houses on Fire