Skip to main content

Is Your EV Charging Station Safe? New Security Vulnerabilities Uncovered.





#we_inform_the_uninformed .



Two new security weaknesses discovered in several electric vehicle (EV) charging systems could be exploited to remotely shut down charging stations and even expose them to data and energy theft.



The findings, which come from Israel-based SaiFlow, once again demonstrate the potential risks facing the EV charging infrastructure.



The issues have been identified in version 1.6J of the Open Charge Point Protocol (OCPP) standard that uses WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers. The current version of OCPP is 2.0.1.



โ€œThe OCPP standard doesnโ€™t define how a CSMS should accept new connections from a charge point when there is already an active connection,โ€ SaiFlow researchers Lionel Richard Saposnik and Doron Porat said.



โ€œThe lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS.โ€





This also means that a cyber attacker could spoof a connection from a valid charger to its CSMS provider when itโ€™s already connected, effectively leading to either of the two scenarios:



A denial-of-service (DoS) condition that arises when the CSMS provider closes the original WebSocket connection when a new connection is established

Information theft that stems from keeping the two connections alive but returning responses to the โ€œnewโ€ rogue connection, permitting the adversary to access the driverโ€™s personal data, credit card details, and CSMS credentials.

The forging is made possible owing to the fact that CSMS providers are configured to solely rely on the charging point identity for authentication.



โ€œCombining the mishandling of new connections with the weak OCPP authentication and chargers identities policy could lead to a vast Distributed DoS (DDoS) attack on the [Electric Vehicle Supply Equipment] network,โ€ the researchers said.



EV Charging Station

OCPP 2.0.1 remediates the weak authentication policy by requiring charging point credentials, thereby closing out the loophole. That said, mitigations for when there are more than one connection from a single charging point should necessitate validating the connections by sending a ping or a heartbeat request, SaiFlow noted.



โ€œIf one of the connections is not responsive, the CSMS should eliminate it,โ€ the researchers explained. โ€œIf both connections are responsive, the operator should be able to eliminate the malicious connection directly or via a CSMS-integrated cybersecurity module.โ€



Source; THN.



Labels

Labels:

Comments

Post a Comment

Popular posts from this blog

More Than 100 Angry Youths Chased Maracha District Officials Out of Site Meeting Over Corruption.

๐Ÿ“ธ: Some of the angry Youths displaying placards as others walked in to stop the ongoing meeting by Maracha District officials. Story by Osuta Yusuf. Maracha District. 3-February-2025. ๐Ÿ“ธ: Kololo Public Seed Secondary School whose construction project has again stalled. Photo by Osuta Yusuf, Our News Reporter. The angry youths from Vurra Parish, Tara Sub-county in Maracha East constituency, Maracha District have on Monday 3-Feb-2025 chased the entire Maracha District officials out of a site meeting in Kololo Seed Secondary over allegations of corruption stemming from the stalled seed school construction project. Key Maracha District officials who went for the site meeting on Monday 3-Feb-2025 include, the Security department headed by the deputy RDC Koliba Monica Kotevu and Assistant RDC Collins Dramani, the LC5 Chairperson Hon Obitre Stephen together with his DEC Councilors, the accounting  / technical department headed by the CAO Mr Olila Patrick, the Engi...
Post a Comment
Read more

Escaped Murder Suspect Finally Arrested in Yumbe Regional Referral Hospital, Yumbe District.

Story by Osuta Yusuf. 19-November-2024. ๐Ÿ“ธ: Eyotre Kennedy handcuffed on bed while receiving medication this morning at Yumbe Regional Referral Hospital in Yumbe District. Eyotre Kennedy originating from Etoko village, Nyoroo Parish, Nyadri Sub-county in Maracha District who has for many years been terrorizing residents in his village, has finally been arrested this Monday morning 19-November-2024 while receiving treatment at Yumbe Regional Referral Hospital in Yumbe District following injuries he sustained from Theft mission on Saturday night 16-November-2024 in Owapi village, Azapi parish in Odupi Sub-county, Terego East Constituency in Terego District. Click here on the link  https://informationispowah.blogspot.com/2024/11/fugitive-who-chopped-3-people-killed.html   to read the story on his Theft of Goats in Terego. Upon getting cut on the finger and leg by the Mob as he attempted to fight and overpower owner of the goats he attempted to steal on Saturday night ...
Post a Comment
Read more

41-Years-Old Man Digs His Own Grave in Maracha District.

Story by Osuta Yusuf.  Maracha District.  ๐Ÿ“ธ: The grave been dug by Mr Opiga Michael, a victim of frustration. Photo taken by Osuta Yusuf , on Wednesday 11-September-2024. The residents of Ebapi village, Baria Parish in Nyadri Sub-county, Maracha east constituency, Maracha District are in shock after a 41 year old man started digging his own grave. The man, identified as Mr Opiga Michael, who seems to be frustrated over some challenges in life, started digging his own grave on Tuesday 10-September-2024 until he was stopped by the elders in Nyaria clan. ๐Ÿ“ธ: Opiga Michael, the Victim of Frustration. Photo by Osuta Yusuf , Information is Power. While speaking to our reporter on Wednesday evening 11-September-2024, Mr Opiga Michael, said, his main plan  was to commit suicide after finishing digging the grave for burying himself, explained that, he feels frustrated, abandoned and hated by his own clan people, whom he accused of piling lies against him a...
Post a Comment
Read more