Skip to main content

Vulnerabilities in Connected Electric Car Chargers Could Damage Home Networks

December 13, 2018

New Kaspersky Lab research identifies security flaws that could allow cybercriminals to manipulate amount of electricity sent to vehicles

Woburn, MA – December 13, 2018 – Kaspersky Lab experts have discovered that electric vehicle chargers supplied by a major vendor carry vulnerabilities that can be exploited by cyber-attackers, and the consequences of a successful attack could include damage to the home electricity network. While modern electric vehicles are tested constantly for vulnerabilities, this research reveals that some of their essential accessories, such as battery chargers, may remain at risk.

Electric vehicles are becoming increasingly popular, as their development makes a vital contribution to environmental sustainability. In some regions, public and private charging points are now commonplace. In light of this growing usage, Kaspersky Lab researchers decided to investigate the security of widely available domestic electric vehicle chargers that include a remote access feature. 

The researchers found a way to initiate commands on the charger, to either stop the charging processor or set it to the maximum current possible. While the first option would only prevent a person from using the car, the second one could potentially cause the wires to overheat on a device that is not protected by a trip fuse. If compromised, the connected charger could therefore cause a power overload that would take down the network to which it was connected. This could result in significant financial impact and, in the worst-case scenario, damage to other devices connected to the network.

To change the amount of electricity being consumed, all that an attacker would need to do is obtain access to the Wi-Fi network that the charger is connected to. Since the devices are designed for home users, security for the wireless network is likely to be limited. This means that attackers could easily gain access, for example, by bruteforcing all possible password options – a common method of attack. According to Kaspersky Lab statistics, 94 percent of attacks on IoT in 2018 came from Telnet and SSH password bruteforcing. Once inside the wireless network, the intruders can easily find the charger’s IP address, which, in turn, will allow them to exploit any vulnerabilities and disrupt operations.

All the vulnerabilities discovered by Kaspersky Lab researchers were reported to the vendor and have now been patched. 

“People often forget that in a targeted attack, cybercriminals always look for the least-obvious elements to compromise, in order to remain unnoticed,” said Dmitry Sklyar, security researcher at Kaspersky Lab. “This is why it is very important to look for vulnerabilities, not just in technical innovations, but also in their accessories – they are usually a coveted prize for threat actors. As we have shown, vendors should be extra careful with connected vehicle devices, and initiate bug-bounties or ask cybersecurity experts to check their devices. In this case, we were fortunate to have a positive response and a rapid patch of the devices, which helped to prevent potential attacks.”

To protect your smart devices, including electric vehicle accessories, Kaspersky Lab recommends the following security measures:

  • Regularly update all your smart devices to the latest software versions. Updates may contain patches for critical vulnerabilities, which, if left unpatched, could give cybercriminals access to your home and private life.
  • Do not use the default password for Wi-Fi routers and other devices. Immediately after install, change it to a strong password, and do not use the same password for several devices.
  • It is recommended to isolate the smart home network from the network used by your or your family’s personal devices for basic internet searching. This is to ensure that if a device is compromised with malware, your smart home system will not be affected.

For more information on the electric vehicle charger vulnerabilities discovered by Kaspersky Lab, read the full report on Securelist.com.

About Kaspersky Lab
Kaspersky Lab is a global cybersecurity company, which has been operating in the market for over 21 years. Kaspersky Lab’s deep threat intelligence and security expertise is constantly transforming into next generation security solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection and a number of specialized security solutions and services to fight sophisticated and evolving digital threats. Over 400 million users are protected by Kaspersky Lab technologies and we help 270,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Media Contact
Meghan Rimol
meghan.rimol@kaspersky.com
781.503.2671

Vulnerabilities in Connected Electric Car Chargers Could Damage Home Networks

New Kaspersky Lab research identifies security flaws that could allow cybercriminals to manipulate amount of electricity sent to vehicles
Kaspersky logo

About Kaspersky

Kaspersky is a global cybersecurity and digital privacy company founded in 1997. With over a billion devices protected to date from emerging cyberthreats and targeted attacks, Kaspersky’s deep threat intelligence and security expertise is constantly transforming into innovative solutions and services to protect businesses, critical infrastructure, governments and consumers around the globe. The company’s comprehensive security portfolio includes leading endpoint protection, specialized security products and services, as well as Cyber Immune solutions to fight sophisticated and evolving digital threats. We help over 200,000 corporate clients protect what matters most to them. Learn more at www.kaspersky.com.

Related Articles Press Releases