CyberSecurityBoard
Sponsor Register Login

Vulnerabilities in Electric Vehicle Charging Systems Enable Interference and Unauthorized Use of Power.

Researchers have warned that many electric vehicle charging management systems are vulnerable to attack, which could allow hackers to cause disruption, steal energy, or access driver information. The security flaws were discovered by SaiFlow, an Israel-based company that specializes in protecting EV charging infrastructure and distributed energy resources. The vulnerabilities are related to the Open Charge Port Protocol, which is used for communication between the charging system management service and the EV charge point. The protocol is unable to handle multiple connections at once, which can be exploited by attackers. Additionally, SaiFlow has identified a Weak OCPP authentication and chargers identities policy, which can be used to charge vehicles without paying. The CSMS platforms are publicly accessible, meaning attackers can hijack the connection remotely without needing credentials or access. According to SaiFlow, an inexperienced hacker with limited resources could carry out an attack. To do so, they must first obtain a charger's identity, which typically has a standard structure, and then find out which CSMS platform the charger is connected to. SaiFlow has published a blog post with more information on the vulnerabilities and attack scenarios, as well as recommendations for how to mitigate them. The company has also offered its solutions team to help vendors patch the vulnerabilities as quickly as possible.

This Cyber News was published on www.securityweek.com. Publication date: Thu, 02 Feb 2023 12:17:02 +0000


Cyber News related to Vulnerabilities in Electric Vehicle Charging Systems Enable Interference and Unauthorized Use of Power.

VoltSchemer attacks use wireless chargers to inject voice commands, fry phones - A team of academic researchers show that a new set of attacks called 'VoltSchemer' can inject voice commands to manipulate a smartphone's voice assistant through the magnetic field emitted by an off-the-shelf wireless charger. VoltSchemer can also be ...
10 months ago Bleepingcomputer.com
How to Clean Your Charging Port in 5 Easy Steps - Throughout the day, your phone accumulates debris, creating a barrier in the port and hindering a secure connection with your charger. Read on to learn how to clean a charging port in five easy steps. One of the most common causes of charging ...
10 months ago Pandasecurity.com
CVE-2022-25155 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
The reality of hacking threats in connected car systems - The automotive industry faces new cybersecurity challenges as vehicles become more connected. All parties in the manufacturing supply chain should follow key principles for vehicle cybersecurity, such as organizational security, risk assessment and ...
10 months ago Helpnetsecurity.com
CVE-2022-25157 - Use of Password Hash Instead of Password for Authentication vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series ...
1 year ago
CVE-2022-25156 - Use of Weak Hash vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, Mitsubishi Electric ...
1 year ago
CVE-2022-25158 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2021-20609 - Uncontrolled Resource Consumption vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
2 years ago
CVE-2021-20610 - Improper Handling of Length Parameter Inconsistency vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions ...
2 years ago
CVE-2021-20611 - Improper Input Validation vulnerability in Mitsubishi Electric MELSEC iQ-R Series R00/01/02CPU Firmware versions "24" and prior, Mitsubishi Electric MELSEC iQ-R Series R04/08/16/32/120(EN)CPU Firmware versions "57" and prior, ...
2 years ago
Cybersecurity In Critical Infrastructure: Protecting Power Grids and Smart Grids - Cyber Defense Magazine - Network Intrusion: Network communication systems of power and smart grids can be intruded through weak security configurations like default password, unsecured remote access, or unpatched systems and other vulnerabilities to gain control into the ...
2 months ago Cyberdefensemagazine.com
The many ways electric cars are vulnerable to hacks, and whether that matters in a real-world - While I don't own a Tesla, I am now more invested in following the various ways attackers can take advantage of the connectivity of electric cars. They're all Wi-Fi connected so drivers can control the charging speed and timing of their cars, monitor ...
10 months ago Blog.talosintelligence.com
Are Electric Vehicle Charging Stations Secure Recent Security Flaws Discovered - Researchers from SaiFlow have discovered two security vulnerabilities in certain electric vehicle charging systems that could be used to remotely shut down charging stations and even steal data and energy. The issues were found in version 1.6J of the ...
1 year ago Thehackernews.com
Vulnerabilities in Electric Vehicle Charging Systems Enable Interference and Unauthorized Use of Power. - Researchers have warned that many electric vehicle charging management systems are vulnerable to attack, which could allow hackers to cause disruption, steal energy, or access driver information. The security flaws were discovered by SaiFlow, an ...
1 year ago Securityweek.com
CVE-2022-0878 - Electric Vehicle (EV) commonly utilises the Combined Charging System (CCS) for DC rapid charging. To exchange important messages such as the State of Charge (SoC) with the Electric Vehicle Supply Equipment (EVSE) CCS uses a high-bandwidth IP link ...
2 years ago
Integrating cybersecurity into vehicle design and manufacturing - In this Help Net Security interview, Yaron Edan, CISO at REE Automotive, discusses the cybersecurity landscape of the automotive industry, mainly focusing on electric and connected vehicles. Edan highlights the challenges of technological ...
10 months ago Helpnetsecurity.com
Securing the Electric Vehicle Charging Infrastructure - Because EVs can travel only a limited distance on a charge, having charging stations nearby is non-negotiable. Unless you live in the middle of absolute nowhere, you probably don't have to worry about finding a gas station nearby, but the same isn't ...
11 months ago Feeds.fortinet.com
CVE-2022-25160 - Cleartext Storage of Sensitive Information vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all ...
2 years ago
CVE-2022-25159 - Authentication Bypass by Capture-replay vulnerability in Mitsubishi Electric MELSEC iQ-F series FX5U(C) CPU all versions, Mitsubishi Electric MELSEC iQ-F series FX5UJ CPU all versions, Mitsubishi Electric MELSEC iQ-R series R00/01/02CPU all versions, ...
2 years ago
Safeguarding the Code That Drives Modern Vehicles - Surprisingly, these vehicles are governed by over 100 million lines of code, running across 50 to over 100 independent processors known as electronic control units. Since 1996 for American vehicles and 2001 for European ones, standardized connectors ...
9 months ago Cyberdefensemagazine.com
Risk of Denial of Service Attacks on Electric Vehicle Charging Stations - Recent studies have shown that 5.8 percent of all vehicles sold in 2022 will be electric, which is a large number considering the newness of the technology. Hackers are taking note of this and any potential vulnerabilities related to electric ...
1 year ago Hackread.com
Energy giant Schneider Electric hit by Cactus ransomware attack - Energy management and automation giant Schneider Electric suffered a Cactus ransomware attack leading to the theft of corporate data, according to people familiar with the matter. BleepingComputer has learned that the ransomware attack hit the ...
10 months ago Bleepingcomputer.com
CVE-2022-40267 - Predictable Seed in Pseudo-Random Number Generator (PRNG) vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series FX5U-xMy/z (x32,64,80, yT,R, zES,DS,ESS,DSS) with serial number 17X**** or later, and versions 1.280 and prior, Mitsubishi ...
1 year ago
CVE-2022-24946 - Improper Resource Locking vulnerability in Mitsubishi Electric MELSEC iQ-R Series R12CCPU-V firmware versions "16" and prior, Mitsubishi Electric MELSEC-Q Series Q03UDECPU the first 5 digits of serial No. "24061" and prior, Mitsubishi ...
2 years ago
IT and OT cybersecurity: A holistic approach - In comparison, OT refers to the specialized systems that control physical processes and industrial operations. OT Technologies include industrial control systems, SCADA systems and programmable logic controllers that directly control physical ...
11 months ago Securityintelligence.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)