Official forum for Utopia Community
Is Your Electric Vehicle Charging Station Secure? Uncovering New Security Vulnerabilities
Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.
The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.
The issues have been identified in version 1.6J of the Open Charge Point Protocol (OCPP) standard that uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1.
"The OCPP standard doesn't define how a CSMS should accept new connections from a charge point when there is already an active connection," SaiFlow researchers Lionel Richard Saposnik and Doron Porat said.
"The lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS."
This also means that a cyber attacker could spoof a connection from a valid charger to its CSMS provider when it's already connected, effectively leading to either of the two scenarios:
- A denial-of-service (DoS) condition that arises when the CSMS provider closes the original WebSocket connection when a new connection is established.
- Information theft that stems from keeping the two connections alive but returning responses to the "new" rogue connection, permitting the adversary to access the driver's personal data, credit card details, and CSMS credentials.
The forging is made possible owing to the fact that CSMS providers are configured to solely rely on the charging point identity for authentication.
"Combining the mishandling of new connections with the weak OCPP authentication and chargers identities policy could lead to a vast Distributed DoS (DDoS) attack on the [Electric Vehicle Supply Equipment] network," the researchers said.
OCPP 2.0.1 remediates the weak authentication policy by requiring charging point credentials, thereby closing out the loophole. That said, mitigations for when there is more than one connection from a single charging point should necessitate validating the connections by sending a ping or a heartbeat request, SaiFlow noted.
"If one of the connections is not responsive, the CSMS should eliminate it," the researchers explained. "If both connections are responsive, the operator should be able to eliminate the malicious connection directly or via a CSMS-integrated cybersecurity module."
Offline
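The handling SaiFlow recommends in the post above (probe both sessions, drop the unresponsive one, escalate to an operator when both answer) can be sketched as CSMS-side logic. This is an added example, not part of the original post or of any CSMS product; `Conn`, `Registry` and the in-memory sessions are hypothetical stand-ins for real WebSocket sessions, and holding the newcomer without routing responses to it is an assumption of this sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Conn:
    """Constructed stand-in for one WebSocket session from a charge point."""
    conn_id: str
    responsive: bool = True  # would be the outcome of a WebSocket ping or OCPP Heartbeat
    is_open: bool = True

    def probe(self) -> bool:
        return self.is_open and self.responsive

    def close(self) -> None:
        self.is_open = False

@dataclass
class Registry:
    active: dict = field(default_factory=dict)   # charge point id -> session that gets responses
    held: dict = field(default_factory=dict)     # charge point id -> session awaiting operator
    alerts: list = field(default_factory=list)   # (cp_id, existing conn, new conn)

    def on_connect(self, cp_id: str, new: Conn) -> str:
        old = self.active.get(cp_id)
        if old is None:
            self.active[cp_id] = new
            return "accepted"
        if not old.probe():
            # Existing session is dead: eliminate it and accept the new one.
            old.close()
            self.active[cp_id] = new
            return "replaced-stale"
        if not new.probe():
            new.close()
            return "rejected-unresponsive"
        # Both answer. Closing the original would hand a spoofer a DoS;
        # routing responses to the newcomer would leak data. Hold and alert.
        self.held[cp_id] = new
        self.alerts.append((cp_id, old.conn_id, new.conn_id))
        return "held-for-operator"

    def operator_resolve(self, cp_id: str, keep_conn_id: str) -> None:
        """Operator (or an integrated security module) picks the legitimate session."""
        old, new = self.active[cp_id], self.held.pop(cp_id)
        keep, drop = (old, new) if old.conn_id == keep_conn_id else (new, old)
        drop.close()
        self.active[cp_id] = keep
```
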
If hackers and thieves can develop something that can remotely shut down electric vehicle charging stations and even expose them to data and energy theft, why would anyone still doubt the future of privacy and security network?
Offline
These are just the disadvantages of going high tech. Many people still crave electric cars but don't know the limitations and the risk they offer. I believe we need to do proper research.
Offline
These are just the disadvantages of going high tech. Many people still crave electric cars but don't know the limitations and the risk they offer. I believe we need to do proper research.
The use of an electric car is never a bad idea if you ask me, but the team involved has to do constant development of the vehicle software because thieves will always try to find the vulnerabilities of new innovations for their own selfish gain.
Offline
If hackers and thieves can develop something that can remotely shut down electric vehicle charging stations and even expose them to data and energy theft, why would anyone still doubt the future of privacy and security network?
When the time comes and people see how they are badly affected by not using the privacy network, they will have no choice but to give in. The time is coming.
Offline
CrytoCynthia;4863 wrote: These are just the disadvantages of going high tech. Many people still crave electric cars but don't know the limitations and the risk they offer. I believe we need to do proper research.
The use of an electric car is never a bad idea if you ask me, but the team involved has to do constant development of the vehicle software because thieves will always try to find the vulnerabilities of new innovations for their own selfish gain.
You have a point: whenever a new technology is developed, online thieves will want to take advantage of it to enrich their own pockets, and this is the reason why I like the idea of the Utopia p2p code being closed source.
Offline
thrive;4928 wrote: CrytoCynthia;4863 wrote: These are just the disadvantages of going high tech. Many people still crave electric cars but don't know the limitations and the risk they offer. I believe we need to do proper research.
The use of an electric car is never a bad idea if you ask me, but the team involved has to do constant development of the vehicle software because thieves will always try to find the vulnerabilities of new innovations for their own selfish gain.
You have a point: whenever a new technology is developed, online thieves will want to take advantage of it to enrich their own pockets, and this is the reason why I like the idea of the Utopia p2p code being closed source.
But some people are complaining about the project being closed source as their drawback. Could we classify them as people who are naive about the major reason why the Utopia p2p ecosystem is closed source?
Offline
full;4942 wrote: thrive;4928 wrote: The use of an electric car is never a bad idea if you ask me, but the team involved has to do constant development of the vehicle software because thieves will always try to find the vulnerabilities of new innovations for their own selfish gain.
You have a point: whenever a new technology is developed, online thieves will want to take advantage of it to enrich their own pockets, and this is the reason why I like the idea of the Utopia p2p code being closed source.
But some people are complaining about the project being closed source as their drawback. Could we classify them as people who are naive about the major reason why the Utopia p2p ecosystem is closed source?
Yes, we could classify them as naive people because they never understand the true intention of the Utopia p2p developer team. However, most of the people are from opponent projects that want to imitate Utopia p2p but couldn't do it due to the code being closed source.
Offline
thrive;4946 wrote: full;4942 wrote: You have a point: whenever a new technology is developed, online thieves will want to take advantage of it to enrich their own pockets, and this is the reason why I like the idea of the Utopia p2p code being closed source.
But some people are complaining about the project being closed source as their drawback. Could we classify them as people who are naive about the major reason why the Utopia p2p ecosystem is closed source?
Yes, we could classify them as naive people because they never understand the true intention of the Utopia p2p developer team. However, most of the people are from opponent projects that want to imitate Utopia p2p but couldn't do it due to the code being closed source.
Maybe it is through their naivety, but it's not everybody that is that naive about the importance of privacy projects, because we have a situation where some people just choose not to like privacy-related things for nothing.
Offline