This Is How Easy It Is to Hack EV Chargers | WSJ

[reffahcs]

It's a little sensationalized, but interesting none the less. Makes me want to take apart my FCSP and poke around.

Sponsored

 

[Maxx]

My charger is usually connected to the truck when it is charging so I doubt it could be used to bring the grid down.

I was not a fan of a connected charger but the deal was too good to pass.

 

[Newton]

Although I don’t really like smart chargers this is just alarmist and they intentionally conflate home EVSEs and DC fast chargers. It would be really hard to hurt the EV because the logic is done in the car, not the charger.
At the nation state level knowing a zero day bug in both the EVSE and the car could let you do … something perhaps but the protocol between car and EVSE is pretty narrow which means opportunities for exploits are low. I’d attack the “Over air updates” instead. Rivian bricked a few cars with a bad one.

If you worry about your EVSE you should be petrified of your refrigerator.

My clipper creek is hacker proof.

 

[reffahcs]

Although I don’t really like smart chargers this is just alarmist and they intentionally conflate home EVSEs and DC fast chargers. It would be really hard to hurt the EV because the logic is done in the car, not the charger.
At the nation state level knowing a zero day bug in both the EVSE and the car could let you do … something perhaps but the protocol between car and EVSE is pretty narrow which means opportunities for exploits are low. I’d attack the “Over air updates” instead. Rivian bricked a few cars with a bad one.

If you worry about your EVSE you should be petrified of your refrigerator.

My clipper creek is hacker proof.

Yeah their link to infrastructure was a little flimsy and that's why I was saying it was a bit sensationalized. I was thinking the same thing when they were talking about power surges. If a car is fully charged or can't handle a higher rate, I'm not sure if that's something the charger can override?

I think the practical implications for the average person comes back to privacy concerns, how much data is collected by a charger, and if individuals are concerned with that data being possibly accessible by others.

 

[Maquis]

Shouldn’t be a problem with the FCSP. Half the time you can’t connect to it even with the proper credentials.

 

[bmwhitetx]

Just more meat for certain national news outlets to bash EVs. I’m sure my mother-in-law will inform me of this big issue the next time I see her.

I don’t click on these vids anymore, they’re a waste of time. But appreciate the heads up from those that do. Then I click ignore thread .

 

[VTbuckeye]

Is there a way to hack the evse to force the car to accept more power than it is asking for? Can a dcfc tell the car, too bad, you only want 50kW, but I'm giving you 250kW? I am unaware of those possibilities. It would suck to have your car charging and then have something happen (malicious or otherwise) and have the charging stop but if all of a sudden EA or Tesla had all of their dcfc stop I doubt the grid would be adversely affected. It is probably a bigger concern that a hacker (large terrorist organization or state sponsor) would do something to be corrupt/kill the grid, but it isn't going to done by turning on every evse all at once. And on top of that the affected units need to be plugged into a vehicle that is capable of receiving a charge (if your set to charge to 90 and the car is already at 90, the evse isn't going to force more energy into the battery).
Seems like this guy is coming up with a solution in search of a problem, well not even a solution, just a problem that doesn't really exist.

 

[Amps]

Just more meat for certain national news outlets to bash EVs. I’m sure my mother-in-law will inform me of this big issue the next time I see her.

No coincidence that WSJ is run by the same Australian billionaire family.

 

[MickeyAO]

Is there a way to hack the evse to force the car to accept more power than it is asking for? Can a dcfc tell the car, too bad, you only want 50kW, but I'm giving you 250kW? I am unaware of those possibilities. It would suck to have your car charging and then have something happen (malicious or otherwise) and have the charging stop but if all of a sudden EA or Tesla had all of their dcfc stop I doubt the grid would be adversely affected. It is probably a bigger concern that a hacker (large terrorist organization or state sponsor) would do something to be corrupt/kill the grid, but it isn't going to done by turning on every evse all at once. And on top of that the affected units need to be plugged into a vehicle that is capable of receiving a charge (if your set to charge to 90 and the car is already at 90, the evse isn't going to force more energy into the battery).
Seems like this guy is coming up with a solution in search of a problem, well not even a solution, just a problem that doesn't really exist.

Actually, this has been done and there is a thread on this forum. Once you find it, here is a little of the backstory

A while back I was giving a tour of my lab to some cybersecurity guys from another division at the Institute. These are the guys that get hired to penetrate systems. I mentioned that if I was going to design an attack, I would go after the charging..I was thinking along the lines of a virus that would spread to EVSE and vehicles.

They got funded for an internal research project and went with a man in the middle attack (my name is also listed on the IR). You will want to find the thread for the details of what all they managed to do.

This was on a Level 2 EVSE...we are waiting to hear if we get funded for a DCFC attack.

 

[reffahcs]

Actually, this has been done and there is a thread on this forum. Once you find it, here is a little of the backstory

A while back I was giving a tour of my lab to some cybersecurity guys from another division at the Institute. These are the guys that get hired to penetrate systems. I mentioned that if I was going to design an attack, I would go after the charging..I was thinking along the lines of a virus that would spread to EVSE and vehicles.

They got funded for an internal research project and went with a man in the middle attack (my name is also listed on the IR). You will want to find the thread for the details of what all they managed to do.

This was on a Level 2 EVSE...we are waiting to hear if we get funded for a DCFC attack.

Thanks for that note. I was able to find the article on SwRI's public site. Is the report available for public release? I work in cyber security for a not-for-profit and was wondering if you'd be able to send me the report if I pm you my work email?

 

[MickeyAO]

Thanks for that note. I was able to find the article on SwRI's public site. Is the report available for public release? I work in cyber security for a not-for-profit and was wondering if you'd be able to send me the report if I pm you my work email?

Sorry, that report is owned by another division and while I got a copy of the final report, I cannot send it. There are contact points in the press release that you might try to get a copy.

Sponsored