Smart home charging networks vulnerable to cyber attacks

Kaspersky Lab, an IT specialist firm from Russia, warns that electric vehicle chargers supplied by a “major vendor” are vulnerable to cyber attacks that could damage the home grid. Experts from Fraunhofer SIT have looked into the issue as well and developed a solution scenario.

While the Fraunhofer experts have been modelling said cyber attacks on charging stations, the engineers from Kaspersky Lab practically managed to break into home charging systems currently on the market.

Particularly one provider exhibited problems the experts say, but they have since all been solved. While the press release does not state the name of the supplier, a paper detailing the analysis has ChargePoint’s Home charging station at the centre.

However, Kaspersky Labs warns in general, that while electric cars are being fire-walled regularly so to speak, charging stations, particularly those enabling remote operation are vulnerable to attacks.

For example, the researchers found a way to initiate commands on the charger and to either stop the charging processor or set it to the maximum current possible. While the first option would only prevent a person from using the electric car, the second one could potentially cause the wires to overheat on a device that is not protected by a trip fuse.

All an attacker needs to do to change the amount of electricity being transmitted is obtain Wi-Fi access to the network the charger is connected to. Since the devices are made for home use, security for the wireless network is likely to be limited. This means that attackers could gain access easily, for example by bruteforcing all possible password options, which is quite common: according to Kaspersky Lab statistics 94% of attacks on IoT in 2018 used this method. Once inside the home network, the intruders can easily find the charger’s IP-address and then exploit any vulnerabilities.

For home users, Kaspersky Labs recommend to regularly update all smart devices to the latest software versions. Moreover, using strong passwords but also isolating the smart home network from the network used by the personal devices for basic Internet searching is advisable.

Meanwhile, experts at Fraunfofer SIT have been looking into similar issues, however concentrating on public devices. Like Kaspersky, Fraunhofer SIT also assumes that charging stations are an easy target for IT-based attacks. Yet, in this case, hackers could manipulate the charging stations to charge for free indefinitely or to capture personal data for example.

To prevent such attacks, they modelled a solution that was recently presented at a conference in Berlin and is called the Trusted Platform Module. The hardware connects to the charging station permanently and enables to check remotely whether the charging station firmware remains in perfect condition.

The Fraunhofer solution was developed as part of the DELTA project (data security and integrity in electric mobility) that looks at charging and billing in compliance with legal metrology (Eichrecht).

kaspersky.com, sit.fraunhofer.de (in German)