“Who can hack a power plug?”, the info security risks in electric cars charging

charge-stationThis research presents a case study of IoT security. Deviating from the usual suspects, it focuses on an emerging IoT node: a public electric car charging station. Since electric car batteries are limited in capacity and since charging takes time, such curb side power plugs are essential to enable the electric cars revolution.

Such charging stations need to authenticate the customer, using smart cards for example, handle payments, communicate to the driver, on his phone, the charge status and in the future balance power demand in the locality of the charging station. As a result, this is very much a smart power plug: essentially a computer lying there on the curb side.

The presentation introduces electric car charging stations and then discusses and brings example of key potential vulnerability areas:

  • Physical access
  • Short range communications
  • Encryption
  • Connectivity to central networks and the Internet
  • The human factor.

The work was presented in Hack In The Box Amsterdam in 2013:

The closest airport to my house is in Damascus

I live in a war zone. The Syrian border is just 15 miles from my home and a horrible civil happens there. Less than one mile from hermon_from_emek_qedeshmy house is another border which I have never crossed dividing me from people I may never meet. But when I jog along this border, with the wonderful view below, listening to the birds sing, it all seems quite unreal.

Is the quietness deceptive? Am I secure? Maybe this perspective enables me to understand better than my fellow information security folks that nothing is really secure. Security is relative. One can be more secure than his neighbor, or more secure than he was last year, but nothing, never, is just secure.

The most obvious outcome is that my interest has always been protecting rather than breaking. It is just not that much fun to break things that are inevitably breakable.