
Cybersecurity Experts Raise Concerns Over Cybersecurity of Electric Car Chargers


Cybersecurity experts at Sandia National Labs, after publishing their research, now acknowledge that more safeguards need to be put in place. The reason is that if the chargers are compromised, the consequences could go beyond stolen credit card data.

There are numerous electric car charging stations all across Albuquerque, including some that are free downtown, from BioPark to Walmart. Most electric car drivers do not give a second thought while plugging in their cars, especially when it comes to cybersecurity. 

“I haven’t given it much additional thought when it comes to additional protection or encryption,” says Joseph Griego, an electric vehicle driver.

But Sandia National Labs’ researchers have discovered some major issues regarding the security of these charging stations. 

Jay Johnson, a cybersecurity researcher at Sandia National Labs, says, “There are things like insecure firmware update processes, there are challenges with local web interfaces and vulnerabilities that exist in those. You can see some of these devices have Wi-Fi access points that allow you to connect with your smartphone and configure the charger to do certain things.”

While the U.S. did not face any major cyberattack, hackers overseas have taken down several charging grids. 

“An interesting example of this is there is an M11 motorway that ran from St. Petersburg to Moscow, and during the start of the conflict with Russia and Ukraine there were Ukrainian parts inside these electric vehicle chargers on this Russian motorway, and the Ukrainians were able to disable those chargers and display anti-Putin, pro-Ukraine messages on them,” says Johnson. 

While other hackers could get hold of passwords and credit card information, some are also capable of turning off a whole bunch of chargers at once, sending shock waves throughout the power grid.

“The power grid operates where you need to provide a certain amount of generation to meet load, so if that load is suddenly disconnecting EV chargers all at the same time that changes significantly, and your generation needs to rapidly readjust, or you will have swings in frequency on the power grid,” he continued. 

Will This Cybersecurity Regulation Come from Federal Government or Individual States? 

According to Johnson, “Right now in the U.S. we do not have those requirements, but it seems like there is an appetite to implement them because of vulnerabilities we have discovered.” 

Drivers, meanwhile, only hope that these chargers will continue keeping them on the roads. As Griego states, “I mean I hope this doesn’t become a problem because otherwise I have been very happy with the electric vehicle.”

The researchers behind this study hope that these regulations will be implemented soon, because $7.5 billion from President Biden's infrastructure program will fund the expansion of charging stations along interstates across the nation.

Cyber Attacks Are A Threat To The Energy Sector

 

According to a senior industry source, concern over cyber-attacks on power plants and electricity grids is "off the scale" in the UK energy sector. It just takes one component to fail for the entire chain to be disrupted, resulting in a cascade effect that affects our daily life. 

As winter approaches, the supply chain that serves the UK's crucial demand for gas and power is experiencing a broad energy crisis. Amid the global gas crisis, numerous elderly nuclear power facilities in the UK's electricity system have already been forced to take unplanned maintenance outages, while persistent energy shortages are expected to force further industry shutdowns.

"The United Kingdom stands out in terms of cyber threats. Our energy system's cyber threats are over the charts," Steve Holliday stated. The UK parliament is reeling from a "sustained and aggressive" cyber-attack that has rendered MPs' email inaccessible.

So, why is the energy sector a target for cyber-attacks and why is it vulnerable? 

Any effect on the energy sector can have far-reaching consequences for entire towns and even countries. An attack on a power plant or a pipeline can result in widespread blackouts, disrupting transportation, heating, and other important economic functions. According to Mohammed AlMohtadi, the chief information security officer at Abu Dhabi's Injazat, the risk in the energy business derives from the usage of old industrial control systems that haven't been modernized in years and aren't properly linked across systems. 

So, how can big energy and utility businesses fall victim to cyber-attacks? 

Typically, ransomware attacks are used to steal commercial secrets, confidential data, and intellectual property. "The energy sector is classified as vital infrastructure. The nation's financial and physical infrastructure might be crippled if it is infiltrated," warned Avinash Advani, founder and CEO of CyberKnight, a Dubai-based cybersecurity firm. Potential targets include oil and gas infrastructure, nuclear power plants, electricity grids, water corporations, and utility companies that provide power, water, and sewage treatment to the population.

The Covid-19 epidemic has revealed the dark side of the energy sector. As more people work from home to stop the spread of the coronavirus, they unknowingly expose their companies to cyber-attacks. The energy business should not underestimate groups who target facilities. Given the devastating consequences of cyber-attacks, energy companies should focus on reinforcing their cybersecurity technology to guarantee that their firewall is safe and that any outdated, archaic computer systems and software they are employing are adequately protected.

New Vulnerabilities Expose EVlink Electric Vehicle Charging Stations to Remote Hacking

 

In a security advisory, Schneider Electric confirmed the discovery and patching of multiple vulnerabilities in EVlink EV charging stations, which might expose these deployments to hostile hackers.

The flaws are found in the EVlink City (EVC1S22P4 and EVC1S7P4), Parking (EVW2, EVF2, and EVP2PE), and Smart Wallbox (EVB1A) equipment, as well as other products that will be discontinued.

Cross-site request forgery (CSRF) and cross-site scripting (XSS) flaws stand out among the vulnerabilities addressed, both of which could be used to launch actions impersonating legitimate users; additionally, a vulnerability was addressed that could give attackers complete access to charging stations via brute force attacks. 

The most serious vulnerability received a score of 9.3/10 under the Common Vulnerability Scoring System (CVSS). The firm warns that exploiting the major issue could result in serious consequences.

Schneider’s notice stated, “Malicious manipulation of charging stations could lead to denial of service (DoS) attacks, deregistration, and disclosure of sensitive information.” 

The majority of these flaws require physical access to the system's internal communication ports, while some more sophisticated attacks can be carried out remotely over the Internet. The vulnerabilities entail sending specially crafted queries, according to Tony Nasr, the researcher who first disclosed the flaws, and exploitation does not require interaction from vulnerable users.

“Attacks allow threat actors to exploit compromised EVCS in a similar way to the operation of a botnet, allowing the deployment of various attacks.” 

Exploiting the CSRF and XSS vulnerabilities, on the other hand, necessitates a certain level of user interaction. While Internet-facing EVlink deployments are the most dangerous attack vector, cybercriminals might still pose a serious security risk to these stations over the LAN, as the EVlink configuration needs network connectivity for remote control and more efficient management.

Nasr concluded by stating that these flaws were discovered as part of a larger research project on charging station management systems for electric vehicles. The study's full findings will be released in the coming months.