Are Electric Vehicle Charging Stations Secure? Recent Security Flaws Discovered

Researchers from SaiFlow have discovered two security vulnerabilities in certain electric vehicle charging systems that could be used to remotely shut down charging stations and even steal data and energy. The issues were found in version 1.6J of the Open Charge Point Protocol (OCPP) standard, which uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1.

The researchers found that the OCPP standard does not provide clear instructions for multiple active connections, which can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS. This could lead to information theft, as the attacker could access the driver's personal data, credit card details, and CSMS credentials.

The weak authentication policy of OCPP 2.0.1 can be remedied by requiring charging point credentials, which would close the loophole. To prevent multiple connections from a single charging point, the CSMS should validate the connections by sending a ping or a heartbeat request. If one of the connections is not responsive, the CSMS should eliminate it. If both connections are responsive, the operator should be able to eliminate the malicious connection directly or via a CSMS-integrated cybersecurity module.
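The duplicate-connection handling recommended above can be sketched on the CSMS side as follows. This is an added example, not code from SaiFlow or from any CSMS product; `Session`, `CsmsRegistry`, the result strings and the sample IDs are hypothetical, and `ping` stands in for a WebSocket ping or OCPP heartbeat round trip.

```python
from dataclasses import dataclass, field
from typing import Callable, Dict, List

@dataclass
class Session:
    """Stand-in for one WebSocket session; ping() is True if a reply arrived in time."""
    sid: str
    ping: Callable[[], bool]
    closed: bool = False

@dataclass
class CsmsRegistry:
    active: Dict[str, Session] = field(default_factory=dict)      # charge point ID -> routed session
    held: Dict[str, List[Session]] = field(default_factory=dict)  # duplicates awaiting the operator

    def on_connect(self, cp_id: str, new: Session) -> str:
        old = self.active.get(cp_id)
        if old is None or old.closed:
            self.active[cp_id] = new
            return "accepted"
        # Second connection for the same ID: probe both before trusting either.
        old_ok, new_ok = old.ping(), new.ping()
        if old_ok and new_ok:
            # Liveness cannot tell them apart. Assumption of this sketch: the
            # existing session keeps the route, the newcomer gets no CSMS traffic.
            self.held.setdefault(cp_id, []).append(new)
            return "operator_review"
        old.closed, new.closed = not old_ok, not new_ok
        if new_ok:
            self.active[cp_id] = new
            return "replaced_stale"
        if not old_ok:
            del self.active[cp_id]
        return "rejected_unresponsive"

    def operator_keep(self, cp_id: str, keep_sid: str) -> List[str]:
        """Operator decision: keep one session, close every other. Returns closed IDs."""
        candidates = [self.active[cp_id]] + self.held.get(cp_id, [])
        keep = next(s for s in candidates if s.sid == keep_sid)  # fail before mutating
        dropped = [s for s in candidates if s is not keep]
        for s in dropped:
            s.closed = True
        self.active[cp_id] = keep
        self.held.pop(cp_id, None)
        return [s.sid for s in dropped]

def demo() -> List[str]:
    reg = CsmsRegistry()  # "CP-0001" and the session IDs are constructed sample values
    out = [reg.on_connect("CP-0001", Session("s1", lambda: False))]     # link later goes dead
    out.append(reg.on_connect("CP-0001", Session("s2", lambda: True)))  # s1 is stale, replace it
    out.append(reg.on_connect("CP-0001", Session("s3", lambda: True)))  # both answer: escalate
    return out + reg.operator_keep("CP-0001", "s2")
```

The probe only separates live sessions from dead ones; when both answer, the decision rests on evidence outside the connection itself, which is why the sketch escalates instead of choosing.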

This Cyber News was published on thehackernews.com. Publication date: Sat, 04 Feb 2023 05:06:03 +0000

