Are Electric Vehicle Charging Stations Secure? Recent Security Flaws Discovered

Researchers from SaiFlow have discovered two security vulnerabilities in certain electric vehicle charging systems that could be used to remotely shut down charging stations and even steal data and energy. The issues were found in version 1.6J of the Open Charge Point Protocol (OCPP) standard, which uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1.

The researchers found that the OCPP standard does not provide clear instructions for multiple active connections, which can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS. This could lead to information theft, as the attacker could access the driver's personal data, credit card details, and CSMS credentials.

The weak authentication policy of OCPP 2.0.1 can be remedied by requiring charging point credentials, which would close the loophole. To prevent multiple connections from a single charging point, the CSMS should validate the connections by sending a ping or a heartbeat request. If one of the connections is not responsive, the CSMS should eliminate it. If both connections are responsive, the operator should be able to eliminate the malicious connection directly or via a CSMS-integrated cybersecurity module.
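The duplicate-connection check described above, sketched as an added example; it is not code from SaiFlow, the OCPP specification or any CSMS product. `Conn`, `Registry` and the outcome strings are hypothetical names, `probe()` stands in for the ping or heartbeat request, and holding the newcomer unrouted while both sessions answer is an assumption of this sketch.

```python
from dataclasses import dataclass, field
from typing import Callable
@dataclass
class Conn:  # stand-in for one WebSocket session (hypothetical type)
    remote: str
    probe: Callable[[], bool]  # True if the peer answers a ping/heartbeat in time
    open: bool = True
    def close(self) -> None:
        self.open = False

@dataclass
class Registry:
    active: dict = field(default_factory=dict)   # charge point id -> routed Conn
    pending: dict = field(default_factory=dict)  # charge point id -> Conn awaiting review
    alerts: list = field(default_factory=list)   # (cp_id, existing remote, new remote)
    def connect(self, cp_id: str, new: Conn) -> str:
        old = self.active.get(cp_id)
        if old is None or not old.open:
            self.active[cp_id] = new
            return "accepted"
        if cp_id in self.pending:          # a conflict is already under review
            new.close()
            return "rejected-review-pending"
        old_ok, new_ok = old.probe(), new.probe()
        if not new_ok:                     # newcomer never answers: drop it
            new.close()
            return "rejected-unresponsive"
        if not old_ok:                     # stale session, e.g. after a network drop
            old.close()
            self.active[cp_id] = new
            return "replaced-stale"
        self.pending[cp_id] = new          # both alive: do not route, escalate
        self.alerts.append((cp_id, old.remote, new.remote))
        return "held-for-review"

    def resolve(self, cp_id: str, keep_new: bool) -> None:
        new = self.pending.pop(cp_id)      # operator or security-module decision
        loser = self.active[cp_id] if keep_new else new
        loser.close()
        if keep_new:
            self.active[cp_id] = new

def demo() -> list:
    # Constructed sessions; addresses are from documentation ranges.
    reg, up = Registry(), (lambda: True)
    dead, a, c = Conn("192.0.2.10", lambda: False), Conn("192.0.2.10", up), Conn("198.51.100.7", up)
    out = [reg.connect("CP-001", x) for x in (dead, a, c)]
    reg.resolve("CP-001", keep_new=False)
    return out + [a.open, c.open, reg.alerts]
```

The point of the design is that a second session for the same charge point identity never silently replaces a live one; replacement happens only when the existing session fails the probe.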

This Cyber News was published on thehackernews.com. Publication date: Sat, 04 Feb 2023 05:06:03 +0000

