INTELLIGENT BRANDS // Green Technology
Cyberattackers could exploit
electric vehicle vulnerabilities
/////////////////////////////
While electric vehicles
offer an environmentally
friendly option, potential
security vulnerabilities
have led to Kaspersky Lab
issuing a safety warning.
W
hile modern electric vehicles
are tested constantly for
vulnerabilities, some of their
essential accessories, such as battery
chargers, often remain neglected.
Kaspersky Lab experts have discovered that
electric vehicle (EV) chargers supplied by
a major vendor carry vulnerabilities that
can be exploited by cyberattackers, and
that the consequences of a successful
attack could include damage to the home
electricity network.
EVs are a hot topic as their development
makes a vital contribution to
environmental sustainability. In some
regions, public and private charging points
are becoming commonplace.
first option would only prevent a person
from using the car, the second one could
potentially cause the wires to overheat on a
device that is not protected by a trip fuse.
All an attacker needs to do to change the
amount of electricity being consumed is
obtain Wi-Fi access to the network the
charger is connected to. Since the devices
are made for domestic use, security for the
wireless network is likely to be limited.
This means that attackers could gain access
easily, for example by bruteforcing all possible
password options, which is quite common:
according to Kaspersky Lab statistics 94%
of attacks on IoT in 2018 came from Telnet
and SSH password bruteforcing. Once inside
the wireless network, the intruders can easily
find the charger’s IP-address. This, in turn, will
allow them to exploit any vulnerabilities and
disrupt operations.
All the vulnerabilities found were reported to
the vendor and have now been patched.
“People often forget that in a targeted
attack, cybercriminals always look for the
least-obvious elements to compromise in
order to remain unnoticed. This is why it is
very important to look for vulnerabilities, not
just in unresearched technical innovations,
but also in their accessories – they are
usually a coveted prize for threat actors. As
we have shown, vendors should be extra
careful with connected vehicle devices, and
initiate bug-bounties or ask cybersecurity
experts to check their devices.
In this case we were fortunate to have a
positive response and a rapid patch of the
devices, which helped to prevent potential
attacks,” said Dmitry Sklyar, a security
researcher at Kaspersky Lab.
Kaspersky Lab recommends taking following
security measures:
• Regularly update all your smart devices to
the latest software versions. Updates may
contain patches for critical vulnerabilities,
which, if left unpatched, may give
cybercriminals access to your house and
private life.
• Don’t use the default password for Wi-Fi
routers and other devices, change it to
strong ones and don’t use the same
password for several devices. n
The growing popularity of EVs led Kaspersky
Lab experts to check widely available
domestic chargers that include a remote
access feature.
Researchers found that, if compromised,
the connected charger could cause a power
overload that would take down the network
it was connected to and, in the worst-case
scenario, damage other network devices.
The researchers found a way to initiate
commands on the charger and to either
stop the charging processor or set it to
the maximum current possible. While the
www.intelligentcio.com
INTELLIGENTCIO
61