The Cyber Security News


Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered

February 3, 2023

Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.

The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.

The issues have been identified in version 1.6J of the Open Charge Point Protocol (OCPP) standard, which uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The latest version of OCPP is 2.0.1.

“The OCPP standard doesn’t define how a CSMS should accept new connections from a charge point when there is already an active connection,” SaiFlow researchers Lionel Richard Saposnik and Doron Porat said.

“The lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS.”

This also means that a cyber attacker could spoof a connection from a valid charger to its CSMS provider when it is already connected, effectively leading to either of two scenarios:

  • A denial-of-service (DoS) condition that arises when the CSMS provider closes the original WebSocket connection when a new connection is established
  • Information theft that stems from keeping the two connections alive but returning responses to the “new” rogue connection, permitting the adversary to access the driver’s personal data, credit card details, and CSMS credentials.

The forging is made possible by the fact that CSMS providers are configured to rely solely on the charging point identity for authentication.

“Combining the mishandling of new connections with the weak OCPP authentication and chargers identities policy could lead to a vast Distributed DoS (DDoS) attack on the [Electric Vehicle Supply Equipment] network,” the researchers said.

OCPP 2.0.1 remediates the weak authentication policy by requiring charging point credentials, thereby closing out the loophole. That said, mitigations for when there is more than one connection from a single charging point should necessitate validating the connections by sending a ping or a heartbeat request, SaiFlow noted.

“If one of the connections is not responsive, the CSMS should eliminate it,” the researchers explained. “If both connections are responsive, the operator should be able to eliminate the malicious connection directly or via a CSMS-integrated cybersecurity module.”
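The duplicate-connection handling described above can be sketched as CSMS-side admission logic. This is an added example, not code from SaiFlow, the OCPP specification or any CSMS product: the `Conn` and `Registry` classes, the credential store and the choice to keep the established session while the operator reviews are all assumptions made for illustration, and `Conn` stands in for a real WebSocket session.

```python
import hmac
from dataclasses import dataclass, field

@dataclass
class Conn:
    """Stand-in for one WebSocket session; `alive` models whether a ping gets a reply."""
    peer: str
    alive: bool = True
    closed: bool = False

    def ping(self) -> bool:
        return self.alive and not self.closed

    def close(self) -> None:
        self.closed = True

@dataclass
class Registry:
    """Hypothetical CSMS session table: one trusted session per charge point ID."""
    secrets: dict                                  # charge point ID -> credential
    active: dict = field(default_factory=dict)     # charge point ID -> Conn
    alerts: list = field(default_factory=list)     # (cp_id, old peer, new peer)

    def connect(self, cp_id: str, password: str, conn: Conn) -> str:
        # The charge point ID alone is not proof of identity: require a credential.
        expected = self.secrets.get(cp_id)
        if expected is None or not hmac.compare_digest(expected.encode(), password.encode()):
            conn.close()
            return "rejected: bad credentials"
        old = self.active.get(cp_id)
        if old is None:
            self.active[cp_id] = conn
            return "accepted"
        if not old.ping():
            # Existing session does not answer (e.g. charger rebooted): replace it.
            old.close()
            self.active[cp_id] = conn
            return "accepted: stale session replaced"
        # Both sessions respond: never silently swap them or serve both.
        # Assumed policy: keep the established one, hold the newcomer closed,
        # and hand the decision to the operator.
        conn.close()
        self.alerts.append((cp_id, old.peer, conn.peer))
        return "rejected: duplicate session, operator alerted"
```

The alert records both peer addresses so the operator can decide which session to drop, as the researchers recommend for the case where both connections respond.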

Some elements of this article are sourced from:
thehackernews.com
