Slashdot Mirror
Hackers Could Abuse Electric Car Chargers To Cripple the Grid, Researchers Say
alphadogg writes "Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday. While electric cars and EV charging systems are still in their infancy, they could become a more common way to travel within the next 10 years. If that happens, it is important that the charging systems popping up in cities around the world are secure in order to prevent attackers from accessing and tempering with them, said Ofer Shezaf, of HP ArcSight. At the moment, they are not secure at all, he said."
I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.
No sig today...
A hacker could just as concievably shut down the computer or payment system in a traditional gas station rendering it useless. Or disrupt the credit authentication system. Or a terrorist could bomb them.
Just because its an EV does not make it or its infrastructure any more or less succeptible to an attack of some kind. To say otherwise just discourages people from looking at it as an alternative and is FUD.
Silence is a state of mime.
When all one needs is a match to cause chaos at any one of the 100,000+ gas stations across the country, it seems rather strange that we're raising the physical security flag on this. Not saying he doesn't have a point, just seems to wash out when looking at what you could do today with so little.
My house is connected to the electrical grid, and yet for some reason (safety design perhaps?), I highly doubt I could take out a city block from my bedroom outlet.
[...] in order to prevent attackers from accessing and tempering with them, [...]
temper /tempr/ Verb: Improve the hardness and elasticity of (steel or other metal) by reheating and then cooling it.
How does this relate to EV chargers and why would it be important to prevent people from using them for this task.
I think you have accidentally posted this piece to the wrong site, sir. There are too many people here who have a clue for your tactic to work. I suggest you try "SeekingAlpha" or "Forbes", if you want to manipulate a market more effectively.
A republic cannot succeed till it contains a certain body of men imbued with the principles of justice and honour.
Why bother crippling the grid by hacking chargers when they could just hack it directly
A few days ago, Bruce Schneier launched the Sixth Movie Plot Contest, with the goal of creating catastrophic but plausible things that "cyberwarriors" and evil hackers could do to destroy America. There are some fascinating ones, that's for sure, but the real point is that if you try to defend against everything that could happen, you'll waste most of your efforts.
I am officially gone from
What could possibly go wrong with petrol/gas pumps ?
Isn't there a simple answer to this, DON'T MAKE THE STUPID CHARGING STATIONS REMOTELY ACCESSIBLE. There has to be ways to make sure the stations aren't putting too much strain on the power grid without tying them into some massive (insecure) control structure. Maybe wire them all into a single meter, and have the meter act as a smaller network letting the group of stations use a certain amount of power depending on the time of day. For personal chargers utilities could give homeowners a bill credit if they only charge their cars between specified times. While creating a centralized control network is easier from an administrative point of view, it creates far too much risk of some miscreant or criminal/foreign element using it with malice.
The web-servers are being hacked mostly to send spam. I do not see why would one want to hack remotely into a charger.
Readers not astonished.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
Nice try, Exxon FUD department...
Hackers could use paper clips to cause the Earth to fall into the sun....
Imagine if we didn't have to worry about some ding-dong breaking things just because they could. We would have pneumatic tubes to every house, kitchen lasers for cutting would be common place, and small nuclear reactors in our back yards
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
Negative. Charging stations are deployed and BEING deployed RIGHT NOW. Present tense applies
"When life gives you lemons, don't make lemonade. Make life take the lemons back!" -- Cave Johnson
... except with an axe. This is why we should all switch to four legged power and methane scoops for the pooping area. I submit, this is the greatest idea ever conceived since the wheel.
If computers were people, I'd be a misanthrope.
If by "adequate" you mean "no", well then yes. I managed three gas stations for two years and I can tell you the "security" is entirely composed of humans earning close to minimum wage. Most of them are stoned part of the day.
How exactly do you expect me to provide more "protection" to my charging point (which is in my garage) than I already have? You'd have to break a door down and flip a physical switch for starters. Even the Internet-connected public charging stations are too stupid for major exploits; you can do more damage exploiting HP laserjets in power plants (true fact).
Movie plot, not reality.
Here in reality, the SAE J1772 EV connector is hard-wired for current limitation. It's not programmable. And the grid's regulated and fused, and EV chargers are not "high power equipment" compared to the stuff in any machine shop, car wash, laundromat, or even the electric water heaters on one city block (and for more than 20 years the power company in my area has offered discounts to people who allow their water heaters to be fitted with remote controls).
The closest you could get to this ridiculous FUD is if you hacked the cars themselves, not the chargers. But of course modern gas and diesel cars are just as hackable, so that won't be mentioned.
Hey, but what do I know, I'm just some guy with actual real-world experience, not a fear-mongering "researcher" with a political axe to grind.
It's always blown me away how hostile slashdotters are to green tech. Green tech means jobs and wealth and social mobility for the intelligent.
Hackers could abuse ______ to _____ a/the ____.
We should stick with nice, safe, harmless gasoline.
Totally harmless...
"MIT betrayed all of its basic principles."
That a terrorist couldn't abuse the wide variety of location which contain thousands of gallons of highly flammable liquid?
Just think if 10% of the population have electric vehicles, coming home at the end of a hot day in the middle of summer, and then all dutifully plugging in their cars to the grid at roughly the same time.
Most regions have issues where they reach peak energy production at times during the summer so I can't imagine how much more load hundreds of thousands of electric vehicles will have. Remember that no gas car is consuming electricity today so every new electric vehicle that plugs in is an added burden to a system that is already stressed and often antiquated in many places.
I know that at least in Ontario we have a program where we can opt to have smart thermostats where the grid can adjust your cooling temp a few degrees down during peak usage to help stave off a pending outage. I think a system like this program should be mandatory for anybody buying an electric vehicle so that if there if the grid is nearing peak usage all these electric cars could go into a trickle charge mode, or at least force deferred charging to off peak hours.
I haven't thought of anything clever to put here, but then again most of you haven't either.
I already have a patent on "Fuses" used in computers.
Your "Mobile Device" seems to just be a small version of a computer.
Pay Me.
Why is it so hard to only have politicians for a few years, then have them go away?
This brings to mind something else I've been wondering lately. Are the new electric meters that are going in capable of disconnecting service by remote command? If so, I'd think that would be an even jucier target for hacker disruption.
Many manufacturers need a license to put anything controllable on the Net. Devices need to be certified that they are not openly hackable or a danger sitting out there in the big wide world....
When I RTFAed, the impression I got is that the charging stations cooperate with one another and trust one another. That is, one charging station can influence the behavior of others. Furthermore it's supposedly relatively easy to get a charging station's signing key and then impersonate that charging station. That is, I can say I'm a nearby charging station who si charging 100 cars right now, and thereby persuade other charging systems that right now isn't a good time for them to charge their cars, or charge them slowly. DoS, via lying about a resource being scarcer than it really is.
The ease of impersonation is not really an EV issue, but rather a defect in how these particlar EV charging systems work. The machines are not well-protected.
The reason the impersonation matters (why the cooperation and trust happens in the first place) is where the EV-specific tech comes in. Gas pumps scale better than electricity "pumps," because they're buffered by gas stations' storage tanks. If ten gas stations are all working at the same time, it doesn't put extra pressure on the gas-delivery tankers, the way that ten charging stations working at the same time, puts pressure on the shared electricity system.
This is not EV FUD; no implications were made that EV should be avoided. It's a call to people to protect their EV chargers, make the keys harder to get, or have chargers deal with the trust issues different, or buffer the energy at night so they don't need to cooperate with one another, etc.
If there's FUD, it's against certain manufacturers.
"Believe me!" -- Donald Trump
Just use IPv6 on the devices.