Hackers Could Abuse Electric Car Chargers To Cripple the Grid, Researchers Say
alphadogg writes "Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday. While electric cars and EV charging systems are still in their infancy, they could become a more common way to travel within the next 10 years. If that happens, it is important that the charging systems popping up in cities around the world are secure in order to prevent attackers from accessing and tempering with them, said Ofer Shezaf, of HP ArcSight. At the moment, they are not secure at all, he said."
I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.
No sig today...
Editors astonished.
A hacker could just as conceivably shut down the computer or payment system in a traditional gas station rendering it useless. Or disrupt the credit authentication system. Or a terrorist could bomb them.
Just because it's an EV does not make it or its infrastructure any more or less susceptible to an attack of some kind. To say otherwise just discourages people from looking at it as an alternative and is FUD.
Silence is a state of mime.
When all one needs is a match to cause chaos at any one of the 100,000+ gas stations across the country, it seems rather strange that we're raising the physical security flag on this. Not saying he doesn't have a point, just seems to wash out when looking at what you could do today with so little.
My house is connected to the electrical grid, and yet for some reason (safety design perhaps?), I highly doubt I could take out a city block from my bedroom outlet.
[...] in order to prevent attackers from accessing and tempering with them, [...]
temper /tempr/ Verb: Improve the hardness and elasticity of (steel or other metal) by reheating and then cooling it.
How does this relate to EV chargers and why would it be important to prevent people from using them for this task?
I think you have accidentally posted this piece to the wrong site, sir. There are too many people here who have a clue for your tactic to work. I suggest you try "SeekingAlpha" or "Forbes", if you want to manipulate a market more effectively.
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
Where is the problem? Render the charging station a vending machine: you throw in credit and you can fill up said amount. A very simple, nuke-proof (if done right), system. If you want to support plastic or stuff like LTC it gets more complicated but even those types of transaction can be secured with acceptable effort.
Why bother crippling the grid by hacking chargers when they could just hack it directly?
Those are not "hackers". The rest is FUD (even if it could be true; anyone with a brain can figure this one out--why do we need "researchers" to tell us the obvious) and so I've saved some time by not even reading all of the excerpt.
A few days ago, Bruce Schneier launched the Sixth Movie Plot Contest, with the goal of creating catastrophic but plausible things that "cyberwarriors" and evil hackers could do to destroy America. There are some fascinating ones, that's for sure, but the real point is that if you try to defend against everything that could happen, you'll waste most of your efforts.
I am officially gone from
What could possibly go wrong with petrol/gas pumps ?
Isn't there a simple answer to this, DON'T MAKE THE STUPID CHARGING STATIONS REMOTELY ACCESSIBLE. There has to be ways to make sure the stations aren't putting too much strain on the power grid without tying them into some massive (insecure) control structure. Maybe wire them all into a single meter, and have the meter act as a smaller network letting the group of stations use a certain amount of power depending on the time of day. For personal chargers utilities could give homeowners a bill credit if they only charge their cars between specified times. While creating a centralized control network is easier from an administrative point of view, it creates far too much risk of some miscreant or criminal/foreign element using it with malice.
The web-servers are being hacked mostly to send spam. I do not see why one would want to hack remotely into a charger.
I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.
Can you sell them to the crew of the Enterprise? The number of exploding consoles they have...
It's a little known fact that everyone and all systems are just on one deck. That's why when you see the Enterprise, you just see a few rooms. Only the senior officers have quarters - everyone else sleeps on racks in one big room that would make an 18th Century British frigate look like a luxury liner of today - first class.
The rest of the ship is for spare parts.
Readers not astonished.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Nice try, Exxon FUD department...
Hackers could use paper clips to cause the Earth to fall into the sun....
It irritates me that people misuse English with language like "it is important that the charging systems popping up in cities around the world are secure in order..."
where the present tense is used. Should be "it is important that the charging systems popping up in cities around the world be secure in order..." which you notice avoids the present-only mis-implication...
This is good to know. I also just applied for a patent on a device I call a "fuse" for mobile devices. Expect to hear from my lawyers soon.
Imagine if we didn't have to worry about some ding-dong breaking things just because they could. We would have pneumatic tubes to every house, kitchen lasers for cutting would be commonplace, and small nuclear reactors in our back yards.
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
... except with an axe. This is why we should all switch to four legged power and methane scoops for the pooping area. I submit, this is the greatest idea ever conceived since the wheel.
If computers were people, I'd be a misanthrope.
If by "adequate" you mean "no", well then yes. I managed three gas stations for two years and I can tell you the "security" is entirely composed of humans earning close to minimum wage. Most of them are stoned part of the day.
How exactly do you expect me to provide more "protection" to my charging point (which is in my garage) than I already have? You'd have to break a door down and flip a physical switch for starters. Even the Internet-connected public charging stations are too stupid for major exploits; you can do more damage exploiting HP laserjets in power plants (true fact).
Movie plot, not reality.
Here in reality, the SAE J1772 EV connector is hard-wired for current limitation. It's not programmable. And the grid's regulated and fused, and EV chargers are not "high power equipment" compared to the stuff in any machine shop, car wash, laundromat, or even the electric water heaters on one city block (and for more than 20 years the power company in my area has offered discounts to people who allow their water heaters to be fitted with remote controls).
The closest you could get to this ridiculous FUD is if you hacked the cars themselves, not the chargers. But of course modern gas and diesel cars are just as hackable, so that won't be mentioned.
Hey, but what do I know, I'm just some guy with actual real-world experience, not a fear-mongering "researcher" with a political axe to grind.
It's always blown me away how hostile slashdotters are to green tech. Green tech means jobs and wealth and social mobility for the intelligent.
Well, if the greedy power companies would not have smart meters, this would not be as much of a problem.
Hackers could abuse ______ to _____ a/the ____.
We should stick with nice, safe, harmless gasoline.
Totally harmless...
"MIT betrayed all of its basic principles."
That a terrorist couldn't abuse the wide variety of locations which contain thousands of gallons of highly flammable liquid?
Just think if 10% of the population have electric vehicles, coming home at the end of a hot day in the middle of summer, and then all dutifully plugging in their cars to the grid at roughly the same time.
Most regions have issues where they reach peak energy production at times during the summer so I can't imagine how much more load hundreds of thousands of electric vehicles will have. Remember that no gas car is consuming electricity today so every new electric vehicle that plugs in is an added burden to a system that is already stressed and often antiquated in many places.
I know that at least in Ontario we have a program where we can opt to have smart thermostats where the grid can adjust your cooling temp a few degrees down during peak usage to help stave off a pending outage. I think a system like this program should be mandatory for anybody buying an electric vehicle so that if the grid is nearing peak usage all these electric cars could go into a trickle charge mode, or at least force deferred charging to off peak hours.
I haven't thought of anything clever to put here, but then again most of you haven't either.
Brought to you by Exxon, GM, TSA, cops looking for a job, etc.... Come on, I can't take the hype anymore. SHUT UP!
I already have a patent on "Fuses" used in computers.
Your "Mobile Device" seems to just be a small version of a computer.
Pay Me.
Why is it so hard to only have politicians for a few years, then have them go away?
This brings to mind something else I've been wondering lately. Are the new electric meters that are going in capable of disconnecting service by remote command? If so, I'd think that would be an even juicier target for hacker disruption.
Many manufacturers need a license to put anything controllable on the Net. Devices need to be certified that they are not openly hackable or a danger sitting out there in the big wide world....
When I RTFAed, the impression I got is that the charging stations cooperate with one another and trust one another. That is, one charging station can influence the behavior of others. Furthermore it's supposedly relatively easy to get a charging station's signing key and then impersonate that charging station. That is, I can say I'm a nearby charging station who is charging 100 cars right now, and thereby persuade other charging systems that right now isn't a good time for them to charge their cars, or charge them slowly. DoS, via lying about a resource being scarcer than it really is.
The ease of impersonation is not really an EV issue, but rather a defect in how these particular EV charging systems work. The machines are not well-protected.
The reason the impersonation matters (why the cooperation and trust happens in the first place) is where the EV-specific tech comes in. Gas pumps scale better than electricity "pumps," because they're buffered by gas stations' storage tanks. If ten gas stations are all working at the same time, it doesn't put extra pressure on the gas-delivery tankers, the way that ten charging stations working at the same time, puts pressure on the shared electricity system.
This is not EV FUD; no implications were made that EV should be avoided. It's a call to people to protect their EV chargers, make the keys harder to get, or have chargers deal with the trust issues differently, or buffer the energy at night so they don't need to cooperate with one another, etc.
If there's FUD, it's against certain manufacturers.
"Believe me!" -- Donald Trump
Just use IPv6 on the devices.
You know, at some level, everything can be hacked and abused. Unfortunately, we live in a world where societal forces can't sway people to do the "right thing" (i.e., "this is why we can't have nice things"). It's stupid how much extra we have to build into systems to protect against both stupidity and malice.
I'm pretty sure I'm not getting my thought out properly, but basically, we'd be much better off if people were basically good and honorable. But because people don't appear to be basically good and honorable, we have to expend so much effort to protect against them. It's sad.
of Who Framed Roger Rabbit?
Maybe http://en.wikipedia.org/wiki/General_Motors_streetcar_conspiracy has something to do with it?
This argument is irrelevant. Many folks here on /. bitch about the fact that when a product is designed some engineer didn't think about all the possibilities for use or why didn't they do it this way or that way. Building in security, scalability, and reliability from the start IS the perfect way to do things, imho. I mean this is the whole point of the article anyway, the author is complaining that the chargers were put into production with no thought of security at all! How many times have we as a community complained that the security was a slapped on afterthought?
You didn't have a valid response so you threw out a non sequitur. The fact that the product isn't ubiquitous has nothing to do with its design. When a product isn't in popular circulation is the perfect time to shake out the bugs and address unforeseen consequences before it does affect "A few hundred million."
You were smart to post as AC; I am modding down your post as Overrated cause some asshat thought it was "interesting"
You and I (and other EE's here) know what a smart charger is and you are absolutely correct-- they're self regulating chargers. I believe this is a simplification of terminology for laymen or because there actually are chargers that can connect to a network and run a webserver. They're used in newer PV arrays, UPSs, and similar so you can log performance and set configurations. I am sure that the designers and especially the power companies themselves will want live power consumption rates and so adding that to the chargers is a no-brainer. Whether they are actually dumb enough, and I believe they are, to hook them up to the greater Internet remains to be seen. They are already being that sloppy in my area with the "Smart Meters." I don't have one at my new residence but at my old one, it was just spewing a good old fashioned 802.11g wifi signal! I guess the meter reader just drove around picking up the data as they passed, or maybe they had some kind of routing device up on the pole, I am uncertain.
As an aside, dude, you often post some quite insightful shit. Do you have to be such a pretentious ass about it though? If you believe there are no smart chargers that can be network connected then, in your own words: "I stringly[sic] suggest you actually read up on the subject."
The correct guy was fired because at least as of last year, a software engineer can't be a Professional Engineer (PE) but IEEE is working on that. PE's are required to sign off on the final product and oversee all the certifications and whatnot. In theory, if that thing kills somebody, it's their fault and they carry appropriate insurance because of it. Yes, I know that doesn't really discount your smartass remark, because it wasn't you (the programmer) that got fired but that PE got paid a fuckton more cash to take the fall for you and his insurance should keep him out of bankruptcy. He'll be working again very soon I assure you as Profession Engineering Fallguys are kind of hard to come by. And he's still gonna make more money than you and he's got a union too!
That dude was just being a pedantic asshole. Btw pedantic is evidently a commonly used British word that I have taken a liking to and use it as much as possible these days, THANKS :) Few in America know what it means.
We call all kinds of stuff here gas. As you mentioned it depends on context. Our whole version of English does. First off you have to have been paying attention to the conversation long enough to know what the subject was. People know you don't heat a house with gasoline (usually!) but natural gas so that clears that part up. Also if you say "I have gas," I automatically assume unless you quantified it more, that you have to fart. Also oxygen and other things in a gaseous state, are usually just referred to by name. It's a clusterfuck! So to summarize:
gasoline (sometimes diesel too!! it's regional, mainly southern)= gas
natural gas= gas
farts=gas
something in the gaseous state=gas
something funny=that's a gas (archaic)
nitrous oxide=laughing gas
and so on and so on
I personally don't like the word petrol, it doesn't roll off the tongue well. I use whatever term is appropriate wherever I am if I can learn it but then again I'm more of the "when in Rome" type and that isn't a typical American trait sadly.
Those lawmakers & rich folks most certainly could be the ding dongs he's referring to. The term is so vague. It isn't always just a drunk ass redneck doing something stupid, or a moron, or mischievous asshole, or whoever you thought it might have been. It's vague on purpose. So yeah, if we didn't have a bunch of haters being assholes then we could have those things, but it'll never happen. That would require reprogramming our DNA.
Wouldn't it be easier to just gain access to a substation and take the capacitors offline? In 2011 that took out several counties and parts of Mexico, by incorrectly flipping one single switch on a capacitor in the grid. Who cares if a few people can't charge their electric cars compared to the whole city with no power and the airports, trains, gas pumps, ATM's, water pumping stations, sewer pumping stations, television stations, some radio stations, cell phone towers, and traffic lights all fail when someone accesses a substation and flips a switch? No hacking required, unless maybe there is a digital security system at the substation. Nothing a pair of bolt cutters can't solve.