autoevolution
 

Security Flaws in Car Chargers Allow Malicious Actors to Infiltrate Homes

The smarter cars are getting, the bigger the chances for malicious actors to start targeting them, especially as new-gen technology allows them to launch sophisticated attacks that would eventually open the door to other devices as well.
Most vulnerabilities have already been resolved, customers urged to update software
Photo: Wallbox
This is exactly the problem with a series of car chargers that are already on the market, according to research conducted by the security experts at Pen Test Partners.

In a whitepaper published recently, the experts inspected the security systems of several car charger brands, trying to figure out if bad actors can breach them and eventually obtain remote access.

Two brands, namely Wallbox and Project EV, proved to be the most vulnerable, with the researchers discovering that in some cases, a more sophisticated attack would have allowed a hacker to access the Wi-Fi network and then eventually monitor traffic or even break into other devices.

In other words, a malicious actor would have been capable of taking control of a car charger and then infiltrating your home by hacking the rest of the network the device was connected to.

The study shows that millions of smart EV chargers were vulnerable, and one brand used no authorization at all, which means a hacker would have needed only a couple of seconds to access a certain device remotely. The same brand used no firmware signing, so a malicious actor would have been able to send crafted software to pave the way for other attacks through the same network.

Needless to say, getting remote access to a car charger means the attacker obtained full control over it, not only to disconnect the car but also to remove the owner’s access.

The good news is that Pen Test Partners has already reached out to the manufacturers of the chargers and all API flaws have been remediated, so customers are now strongly advised to update their software as soon as possible.

In the case of some chargers, the experts explain that with physical access to the charger, a hacker could still break into the software given it relies on Raspberry Pi hardware, but the likelihood of such an attack is obviously very low.
About the author: Bogdan Popa