Alarmists Fear Charging Stations

3915 Views 13 Replies 11 Participants Last post by Norm51, Apr 14, 2013

JamesMcQuaid

Discussion Starter · Apr 14, 2013

Computer hacker security conferences are characterized by swarms of self-promoting alarmist attention whores chasing after a headline by trumpeting the latest potential end of the world scenario. For the most part these people are charlatans, criminals, and/or wild eyed pistol wavers. The Hack in the Box conference is an example of this.

In the following case, we have the unsupported assertion that the grid could be threatened by EVSE's:

Researcher: Hackers could start abusing electric car chargers to cripple the grid

Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday.

While electric cars and EV charging systems are still in their infancy, they could become a more common way to travel within the next 10 years. If that happens, it is important that the charging systems popping up in cities around the world are secure in order to prevent attackers from accessing and tempering with them, said Ofer Shezaf, product manager security solutions at HP ArcSight. At the moment, they are not secure at all, he said.

An EV charging station like this one in Amsterdam could be vulnerable to hackers, according to a security researcher at the Hack in the Box conference.

“Essentially a charging station is a computer on the street,” Shezaf said. “And it is not just a computer on the street but it is also a network on the street.”

Users want their cars to charge as quickly as possible but not all electric cars can be charged at once because the providers of charging stations have to take the local and regional circuit capacity in mind, said Shezaf. “Therefore we need smart charging,” he said.

But installing smart charging systems means that the charging stations on the street need to be connected, so the amount of energy is distributed in such a way that electricity grids are not overloaded, he said. But when charging stations are connected, multiple charging stations can be abused if an hacker can access them, Shezaf said.

The easiest way is to physically access the charging stations. “There are systems on the street and it is very easy to access the computer,” Shezaf said. “When you get to the equipment, reverse engineering it is actually a lot easier than you think.”

Hackers could take apart the systems to determine components and analyze and debug the firmware, he said. By doing this they can potentially spot convenient eavesdropping points and get encryption keys, Shezaf said, who added that he based his research on public sources, and in most cases on documentation from vendors’ websites.

Charging stations can be configured by opening them, placing a manual electric DIP switch to configuration mode, connecting an Ethernet cross cable and firing up a browser to get access to the configuration environment, he said. In at least one type of charging station this kind of access doesn’t require any authentication, Shezaf found. “You go and open the box with a key and that is the last security measure you meet,” he said.

Some charging stations are also connected using RS-485 short-range communications networks used for inexpensive local networking, Shezaf said. Those connections have a very low bandwidth and high latency, are commonly used and have no inherent security, he added.

And while it all depends on the application, bandwidth and latency limits of the RS-485 networks makes eavesdropping and man-in-the-middle attacks simple, according to Shezaf, who described several other potential vulnerabilities during his presentation.

Using these methods, hackers could start influencing charge planning or influence and stop charges, he said. If no electric car can charge for a day when 30 percent of all cars in a country are electric, this could become problematic, he said. “If someone can prevent charging for everyone in a small area you have a major influence on life. In a larger area it might be a really really big problem,” Shezaf said.

“If somebody finds a way to confuse the smart car charging system, the denial of service can not only hit charging cars, but also the electricity system,” he said.

While risks may be small today, it is time to start securing charging systems, Shezaf said. There should be more standardization in the charging sector, preferably using open standards, he said. But basically “we just have to pay more attention and spend more money,” he said, adding that at the moment too little of both is happening.

“We shouldn’t be relaxing now. The issues will become real when electric cars become real. If we don’t start today it won’t be secure in 10 years,” he said.

http://www.pcworld.com/article/2033826/hackers-could-start-abusing-electric-car-chargers-to-cripple-the-grid-researcher-says.html

Save

1 - 14 of 14 Posts

bonaire

· #2 · Apr 14, 2013

Researchers and experts are quoted without their backgrounds being checked. It's pc world, not pc magazine. Long ago when I read these mags, pc world was typically sub par to pc magazine and a few others. This article is quite laughable.

Save

Prohidium

· #3 · Apr 14, 2013

While parts of the story are plausible, by the time there is charging saturation, there will be security. Aside from that, if the charging units are accepting credit cards, they have to be secure in order to do so else they are violating (in north America at least ) specific laws/standards. There is no way though that hacking into car chargers would then allow a hacker into the "grid". That is a bit absurd.

Of course, all of this will be circumvented by a simple tamper switch. Open the charger, the tamper switch says it has been tampered with and it will be shutdown or inspected.

For example, in my community, our household hydro meters are smart meters connected to a wireless network. No one has hacked it yet in the past year or two. I have not read about such a hack in north America either. I would be more concerned about that than car chargers.

Save

emd

· #4 · Apr 14, 2013

i was looking at the news on this hack conference. one said he could hijack any airliner from the internet through its autopilot. he only forgot there are two people flying that thing that can disengage the autopilot and fly manually as soon as something don't look right. +90% of charging is done at home without any fancy commercial grade internet connected charger (dumb car chargers?) making this another almost non-issue issue. the same train of thought would have you believe the hackers could reprogram everybodys clothes dryers to burn all the clothes and everyone would be forced to walk around naked.

you are right that anybody that believes half of what comes out of this conference needs more tin foil under their hats.

Save

Gary Norton

· #5 · Apr 14, 2013

Yes, just like all the gas stations have been hacked and gas is spewing all over the ground, or mixed with diesel, or not pumping at all. Oh the humanity. It's Y3K already.

Save

Norm51

· #6 · Apr 14, 2013

JamesMcQuaid said:
While electric cars and EV charging systems are still in their infancy, they could become a more common way to travel within the next 10 years. If that happens, it is important that the charging systems popping up in cities around the world are secure in order to prevent attackers from accessing and tempering with them, said Ofer Shezaf, product manager security solutions at HP ArcSight. At the moment, they are not secure at all, he said

Click to expand...

.

I'll admit it. I didn't read the entire article. I couldn't stop laughing after reading the word "tempering." I guess tampering and tempering sound the same to the Dutch ear.

Just like you're and your, then and than and many others I read from New Englanders. Hmmm.. New York was a Dutch colony....right?

Save

bonaire

· #7 · Apr 14, 2013

And whether v. wether v. weather. The weather was bad when choosing whether or not to buy the wether.

Save

mikeg3

· #8 · Apr 14, 2013

Norm51 said:
I'll admit it. I didn't read the entire article. I couldn't stop laughing after reading the word "tempering." I guess tampering and tempering sound the same to the Dutch ear. Just like you're and your, then and than and many others I read from New Englanders. Hmmm.. New York was a Dutch colony....right?

Actually, New York was a Dutch colony.

There is an important norm on the Internet not to pick on minor spelling and grammar errors. Just because you didn't ace English class doesn't mean your opinion is worth less.

Save

Norm51

· #9 · Apr 14, 2013

mikeg3 said:
Actually, New York was a Dutch colony.

There is an important norm on the Internet not to pick on minor spelling and grammar errors. Just because you didn't ace English class doesn't mean your opinion is worth less.

True.

Hello Mike. My facetious comments were, in part, self deprecating. I was born in Brooklyn. But cha' couldn't told it from the way I talk [swiped that line from a joke.] Besides, If I directly challenged anyone on this forum, they could point to the numerous EDITS I've done in my posts.

I still have many relatives there and we spend the first day or so at family gatherings trying to figure out what the other person is saying.

On another note, I got a plug in [pun intended] for this forum and other Volt-related sites [watch for favorites bar] during a testimonial back in February for CPS Energy - a two hour interview boiled down to 62 seconds.

[video]http://www.cpsenergy.com/video_center/home_manager_randolph.mov[/video]

Save

Selling Volts At Sundance

· #10 · Apr 14, 2013 (Edited)

North Of 1.5 Billion EV Charging Wall Outlets, North America, Here Now!

emd said:
i was looking at the news on this hack conference. one said he could hijack any airliner from the internet through its autopilot. he only forgot there are two people flying that thing that can disengage the autopilot and fly manually as soon as something don't look right. +90% of charging is done at home without any fancy commercial grade internet connected charger (dumb car chargers?) making this another almost non-issue issue. the same train of thought would have you believe the hackers could reprogram everybodys clothes dryers to burn all the clothes and everyone would be forced to walk around naked.

you are right that anybody that believes half of what comes out of this conference needs more tin foil under their hats.

You are so right about charging at home. I have been using 110V/120V at home using a 50' 12 gage outdoor cord for over a year. Plugging in at work, L1 by day. So costs me about $15.00 US Dollars a month to drive my lease allowed 1,250 miles a month.

I do however take advantage of the more then 17 free Blink, Eaton and ChargePoint L2 Chargers scattered around the city. I will spend monet at those places that offer free EV charging, L2 or L1 as a customer perk.

Beyond that, the word needs to get hammered home hard-

99 out of 100 asked by me on the street do NOT KNOW that ALL Electric Vehicles come standard with an extension cord (EVSE) that plugs into a standard wall outlet, including the Tesla Model S!

TELL THEM!

With north of 1.5 billion wall outlets already in place in North America, we have been Electric Vehicle Charging ready for decades!

TELL THEM!

Best-

Thomas J. Thias

Sundance Chevrolet

517-622-6081

@AmazingChevVolt

See less See more

Save

jljeeper

· #11 · Apr 14, 2013

Hey if they can knock out power to sections of town (lots of business's have smart meters). They could just turn off gas stations.

Save

Rampage_Rick

· #12 · Apr 14, 2013 (Edited)

I previously saw this article and dismissed it as FUD. It only serves to panic the technologically illiterate. Even if hackers were able to get into the charging network, the absolute worst they could do is turn the stations on and off. Since a vehicle would have to be physically plugged in for there to be any appreciable load, turning on every station in the country wouldn't accomplish much in the way of a brownout, unless every station happened to be occupied at that moment. Alternately, turning off every station in the country wouldn't cause a brownout either, but it could be a major inconvenience to BEV drivers.

jljeeper said:
Hey if they can knock out power to sections of town (lots of business's have smart meters). They could just turn off gas stations.

Up here in BC we've got Itron OpenWay meters. The "standard" 200A 120/240V meters do have an internal disconnect feature (Itron C2SOD) however these are only used for homes and small businesses. Any buildings (commercial or otherwise) served by more than 200A or with 3-phase power use different models of smart meters that don't have the ability to disconnect the service.

Articles like the one above are no different than ones like this:

See less See more

Save

DonC

· #13 · Apr 14, 2013

mikeg3 said:
There is an important norm on the Internet not to pick on minor spelling and grammar errors. Just because you didn't ace English class doesn't mean your opinion is worth less.

You're completely right if we're talking about posts but here we're talking about an article. Completely different standard. An online article should be held to the same standards as what you'd find in print.

We can excuse the author if they're not an English speaker, but the publication should catch this type of stuff.

Save

Norm51

· #14 · Apr 14, 2013

Rampage_Rick said:
Up here in BC we've got Itron OpenWay meters. The "standard" 200A 120/240V meters do have an internal disconnect feature (Itron C2SOD) however these are only used for homes and small businesses. Any buildings (commercial or otherwise) served by more than 200A or with 3-phase power use different models of smart meters that don't have the ability to disconnect the service.

How do I read the model number on this Itron? Is it just a CL200?

See less See more

Save

1 - 14 of 14 Posts

This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.

Top Contributors this Month