Kaspersky Lab: vulnerabilities in connected EV chargers could damage home networks
18 December 2018
Kaspersky Lab experts report that electric vehicle chargers supplied by a major vendor carry vulnerabilities that can be exploited by cyber-attackers, and the consequences of a successful attack could include damage to the home electricity network. While modern electric vehicles are tested constantly for vulnerabilities, this research reveals that some of their essential accessories, such as battery chargers, may remain at risk.
The Kaspersky researchers found a way to initiate commands on the charger to either stop the charging process or set it to the maximum current possible. While the first option would only prevent a person from using the car, the second one could potentially cause the wires to overheat on a device that is not protected by a trip fuse. If compromised, the connected charger could therefore cause a power overload that would take down the network to which it was connected. This could result in significant financial impact and, in the worst-case scenario, damage to other devices connected to the network.
To change the amount of electricity being consumed, all that an attacker would need to do is obtain access to the Wi-Fi network to which the charger is connected. Since the devices are designed for home users, security for the wireless network is likely to be limited. This means that attackers could easily gain access, for example, by bruteforcing all possible password options—a common method of attack.
According to Kaspersky Lab statistics, 94% of attacks on IoT in 2018 came from Telnet and SSH password bruteforcing. Once inside the wireless network, the intruders can easily find the charger’s IP address, which, in turn, will allow them to exploit any vulnerabilities and disrupt operations.
All the vulnerabilities discovered by Kaspersky Lab researchers were reported to the vendor and have now been patched.
To protect smart devices, including electric vehicle accessories, Kaspersky Lab recommends the following security measures:
Regularly update all smart devices to the latest software versions. Updates may contain patches for critical vulnerabilities, which, if left unpatched, could give cybercriminals access to your home and private life.
Do not use the default password for Wi-Fi routers and other devices. Immediately after installation, change it to a strong password, and do not use the same password for several devices.
Isolate the smart home network from the network used for basic internet searching. This is to ensure that if a device is compromised with malware, the smart home system will not be affected.
Kaspersky Lab is a global cybersecurity company which has been operating in the market for more than 21 years.