Electric vehicles (EVs) continue to gain traction as a more environmentally-friendly alternative to its gas-fueled counterparts. 1.6 million units were expected to be sold globally in 2018, adding to the 3.3 million units already in use.
While EVs are not yet as prevalent in the Philippines, there were initiatives from both the public and private sector last year to help encourage their purchase. The office of Senator Sherwin Gatchalian was finalizing legislation for the promotion of EVs, while Unioil Petroleum Philippines and Pilipinas Shell Petroleum Corporation launched charging stations among their respective outlets.
The increasing prevalence of charging stations is good news for EV users in the country, but they must also be wary of some risks that could infiltrate their security. A recent study by Kaspersky Lab revealed that attackers are able to access users’ private information through EV chargers.
Exploiting ‘remote access’
By taking advantage of a charger’s remote access feature, an attacker could cause a power overload which in turn could take down the network it’s connected to. The attacker first obtains Wi-Fi access to the charger’s network, often by brute-forcing through all possible password options. If successful, the attacker is able to obtain the charger’s IP address, which allows them to exploit and disrupt the system’s operations.
Such damage would not only cost users large sums in repairs, but may also damage other devices connected to the network. An attacker could make the EV inaccessible to its owner by putting it on reservation mode, for instance, or unlock the EV’s socket locking hatch to allow them to steal the charging cable itself.
While the vulnerabilities found by Kaspersky Lab have already been resolved, the company recommends EV users to take the following security measures:
- Regularly update smart devices to their latest software versions. New versions may contain patches for critical vulnerabilities which can be exploited by attackers.
- Change the default passwords for Wi-Fi routers and devices into strong ones. Different passwords should also be crafted for different devices.
- Isolate the smart home network from the network being used for Internet browsing on personal devices. This is to ensure that your smart home network won’t be affected should you receive malicious software on the other network.
“People often forget that in a targeted attack, cybercriminals always look for the least obvious elements to compromise in order to remain unnoticed,” said Dmitry Skylar, a security researcher at Kaspersky Lab. “This is why it is very important to look for vulnerabilities, not just into unresearched technical innovations, but also in their accessories. They are usually a coveted prize for threat actors.”