[AUTOMOTIVE SECTOR] Discovery of a security flaw in electric vehicle chargers

Electric vehicles are becoming increasingly popular, but the lack of free charging infrastructure continues to hamper the market. To remedy this situation, home electric vehicle chargers have begun to proliferate, allowing consumers to fill up their vehicles from their own garage. Some of them offer remote control of the charging process, which is quite convenient for consumers. However, this could quickly become a disadvantage: Kaspersky Lab researchers looked at one of the stations, known as the ChargePoint Home offer, and found a series of vulnerabilities that could allow a hacker to freely access the device. To register a new account , a user would connect a smartphone to the device via Bluetooth, set the parameters of a Wi-Fi network for an internet connection, and finish the registration process by sending the created user ID and the smartphone’s GPS coordinates. For further investigation, the researchers connected the charging station to their Wi-Fi network.  It was trivial to bypass the authentication mechanism in order to add a new user. “All an attacker needs to do to conduct an attack is obtain Wi-Fi access to the network the charger is connected to,” explained Dmitry Sklyar, security expert at Kaspersky Lab, speaking to Threatpost. “Since the devices are intended for home use, the security of the wireless network may be limited. This means that attackers could easily access it, for example by brutally forcing all possible password options”. Kaspersky specialists also alerted the public to the fact that such hacking would allow attackers to generate an overload or a fire. Kaspersky forwarded the discovered flaw to the relevant car manufacturer so that he could quickly correct it.  Kaspersky recommends regular updates of smart devices and changing their default passwords. In addition, users should isolate the home network from the network used by their personal devices to perform basic Internet searches. This ensures that if a device is compromised by malware, your intelligent home system will not be affected.