Saturday, August 18, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Amazon to Release Live TV Recorder
U.S. Wants to Wiretap Facebook Messenger, Report Says
More Affordable, 13-inch MacBook and $160 AirPower Expected at Apple's Event
Google to Launch Its Own Smart Display, Report Says
Nvidia Reports Record Revenue From Datacenter, Gaming, Professional Visualization, Automotive
Arm Client CPU Roadmap Includes Advanced Hercules and Deimos Chips
Google To Release Lightweight Version of Android Pie for Entry-level Smartphones
Japan Accuses Apple of Pressuring Game Rivals: Nikkei
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > General Computing > Chargin...
Last 7 Days News : SU MO TU WE TH FR SA All News

Tuesday, January 09, 2018
Charging Your Electric Car May Not be Secure


Charging your electric car in the charging station in your neighborhood may expose your personal data, a cybersecurty researcher claims.

Mathias Dalheimer raised this issue at the thirty-fourth Chaos Communication Congress, in his talk about the vulnerabilities of the electric car infrastructure.

Charging station providers receive money in exchange for providing electrical energy. For those transactions, they need a built-in billing system. Before you can start charging your car, you need to identify yourself using your charging ID token, a special near-field-communication (NFC) card that is associated with your account.

The billing for electro mobility is normally carried out using the Open Charge Point Protocol, which regulates communications between billing management systems on one end and the electric charging point on the other end. The charging point sends a request identifying you to the billing system; billing management approves the request and lets the charging point know; and the station lets you start charging. Afterwards, the amount of electricity is calculated and sent back to the billing management system so that it can bill you at the end of the month.

Dalheimer probed different components of the system and found that all of them had some problems with security. The first is the ID tokens. They are made by third-party providers and most of them do not secure your data. They are very simple NFC cards that do not encrypt your ID or anything else they contain. The cards' problems continue. First, they're pretty easy to program, which Mathias demonstrated by copying his own card and successfully charging with the copy. It would be easy for a knowledgeable person to program a bunch of cards, hoping to hit on a working account number.

Because charging providers bill once per month, if a car owner's account is compromised in that way, they won't see that anything is amiss until the monthly bill arrives.

Most stations use the 2012 version of the OCPP protocol, which is already relatively old and is based on HTTP. Mathias demonstrated how easy it is to set up a man-in-the-middle attack by relaying the transaction.

Moreover, both stations that Mathias examined had USB ports. Plug in an empty flash drive - and logs and configuration data will be copied to the drive. From this data, it's easy to get the login and the password for the OCPP server and, for good measure, the token numbers of previous users - which, remember, is all you need to imitate them.

Even worse, if the data on the drive is modified and then the USB drive is inserted back into the charging point, the charging point will automatically update from it and consider the data on the drive its new configuration. And that opens a whole lot of new possibilities to the hackers.

To sum up, potential criminals could collect ID card numbers, imitate them and use them for transactions; rewire charging requests, basically disabling the charging point; gain root access to the station and then do whatever they like.



Previous
Next
CES: Razer Project Linda Transorms the Razer Phone into an Android Laptop        All News        CES: MediaTek Launches AI Platform
Google and Lenovo Launch Lenovo Mirage Camera and Mirage Solo VR Headset     General Computing News      CES: MediaTek Launches AI Platform

Get RSS feed Easy Print E-Mail this Message

Related News
Ford to Invest $11 billion, Offer 40 Electrified Vehicles by 2022
Samsung SDI Unveils New Battery Products at Detroit Motor Show
Toyota Cars to Go All-electric by 2025
Toyota and Panasonic to Start Study on Automotive Prismatic Battery Business
Volkswagen to Invest Over $40 billion on Future Cars
Samsung Lithium-air Battery Has Twice The Capacity of Li-ion Technology
Sony develops Remote-driven Electric Vehicle
Toshiba's Next-Generation SCiB Lithium-ion Battery Boots Electric vehicles' Range to 320km on a 6-minute Recharge
Toyota, Mazda, Denso Join Forces on Development of Electric Cars
Mercedes to Invest $1 Billion in Alabama Electric Vehicle Factory
Renault, Nissan and Mitsubishi Motors to Strengthen Cooperation in Electric - autonomous Vehicle Push
Nissan Leaf Got Upgraded to Compete With Tesla's Models

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .