
Hackers Could Abuse Electric Car Chargers To Cripple the Grid, Researchers Say

Posted by samzenpus
from the everybody-panic dept.
alphadogg writes "Hackers could use vulnerable charging stations to prevent the charging of electric vehicles in a certain area, or possibly even use the vulnerabilities to cripple parts of the electricity grid, a security researcher said during the Hack in the Box conference in Amsterdam on Thursday. While electric cars and EV charging systems are still in their infancy, they could become a more common way to travel within the next 10 years. If that happens, it is important that the charging systems popping up in cities around the world are secure in order to prevent attackers from accessing and tempering with them, said Ofer Shezaf, of HP ArcSight. At the moment, they are not secure at all, he said."
  • Fuses... (Score:5, Funny)

    by Joce640k (829181) on Friday April 12, 2013 @05:35AM (#43430743) Homepage

    I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.

    • Re:Fuses... (Score:5, Funny)

      by Neil Boekend (1854906) on Friday April 12, 2013 @05:56AM (#43430791)
      Is it web-enabled, cloud and smart? No? Then you ain't got nothing these days.
      • by geekmux (1040042)

        Is it web-enabled, cloud and smart? No? Then you ain't got nothing these days.

        Yeah, you're right. All I'm left with is a lonely old-fashioned fuse box. So boring, yet so secure...

        • It's worthless until you can turn any/all of these fuses on or off remotely from a smartphone or a website.

      • Re:Fuses... (Score:5, Funny)

        by Joce640k (829181) on Friday April 12, 2013 @06:28AM (#43430851) Homepage

        Is it web-enabled, cloud and smart? No? Then you ain't got nothing these days.

        I've got a contact in Shenzhen who promises me they can provide a cloud-enabled controller for my fuse boxes at very good price.

      • by Agent0013 (828350)
        What about a fuse. . . on the web? Or with a cell phone? Aren't those the key words used to patent any old thing as new again?
    • Re:Fuses... (Score:5, Funny)

      by isorox (205688) on Friday April 12, 2013 @06:46AM (#43430897) Homepage Journal

      I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.

      Can you sell them to the crew of the Enterprise? The number of exploding consoles they have...

      • Re:Fuses... (Score:5, Funny)

        by king neckbeard (1801738) on Friday April 12, 2013 @07:34AM (#43431003)
        Unfortunately, the Treaty of Algeron prohibits the Federation from researching certain technology, including cloaking devices and fuses.
        • Re:Fuses... (Score:5, Funny)

          by OzPeter (195038) on Friday April 12, 2013 @08:07AM (#43431091)

          Unfortunately, the Treaty of Algeron prohibits the Federation from researching certain technology, including cloaking devices and fuses.

          More disclosure is needed here .. that treaty also forbids seat belts.

          • Re:Fuses... (Score:5, Funny)

            by dj245 (732906) on Friday April 12, 2013 @09:49AM (#43431683) Homepage

            Unfortunately, the Treaty of Algeron prohibits the Federation from researching certain technology, including cloaking devices and fuses.

            More disclosure is needed here .. that treaty also forbids seat belts.

            Seat Belts are a hazard when you need to get away from a console which will explode imminently.

      • by mysidia (191772)

        Can you sell them to the crew of the Enterprise? The number of exploding consoles they have...

        The consoles are exploding, when they're at red alert, so they have engaged the battle short, or bypass of circuit protection, to maintain the availability of critical control systems in spite of battle damage, during the life-threatening situation. :)

        • They're not very useful for controlling critical systems if they constantly get blown up, are they?

          • by mysidia (191772)

            Normally the console is just fine, and the human has the problems.

            It's necessary in the event of a disaster, to be able to do something like dump power from the phaser banks into the consoles to bring them back online.

      • by Joce640k (829181)

        Can you sell them to the crew of the Enterprise? The number of exploding consoles they have...

        That smoke you see is the fuse doing its job correctly. How else could they repair them in time for next week's show?

    • by flyneye (84093)

      A modification to your fuse could solve the problem politically rather than electronically. Place the first hacker they catch, in line behind the fuse in the circuit. Leave him there til you can smell bacon, post to youtube. Repeat as needed.

    • Re:Fuses... (Score:5, Insightful)

      by LoRdTAW (99712) on Friday April 12, 2013 @09:32AM (#43431539)

      Seriously. If this clown thinks that switching on multiple charging stations at once can cripple a grid he needs a course in basic electric system installation. This guy is just hyping up a nonexistent problem and turning it into "OMG terrorist hackers will cripple our country!" FUD. It's silly attention seeking.

      Example:
      If you had 10 chargers in a parking lot, each charger would have its own internal circuit breaker and the entire branch circuit that powers them all also must have a circuit breaker. Let's say the branch circuit can only support a maximum of 5 chargers at full power or a mix of low/high charge levels for all 10. If some "hacker" turned them all on at once guess what happens? The branch circuit breaker trips, problem solved. Even if there were 100 chargers, a breaker will trip and again problem solved.

      • Seriously. If this clown thinks that switching on multiple charging stations at once can cripple a grid he needs a course in basic electric system installation. This guy is just hyping up a nonexistent problem and turning it into "OMG terrorist hackers will cripple our country!" FUD. It's silly attention seeking.

        Example: If you had 10 chargers in a parking lot, each charger would have its own internal circuit breaker and the entire branch circuit that powers them all also must have a circuit breaker. Let's say the branch circuit can only support a maximum of 5 chargers at full power or a mix of low/high charge levels for all 10. If some "hacker" turned them all on at once guess what happens? The branch circuit breaker trips, problem solved. Even if there were 100 chargers, a breaker will trip and again problem solved.

        It's possible.

        We blow up a transformer somewhere in the neighborhood at least once a summer. LA went through rolling blackouts the last few years.

        Take a system that is pushed to the max, everyone gets home at 1730hr and plugs in their car, BOOM. You're in the dark till about 2000 hr waiting on the power company to go change a transformer. Larger cities, better planned neighborhoods have multiple feeds and larger transformers.

        One thing I do think he missed is Ohm's law. Sure, you can turn one on or off remotely, b

        • by mjwalshe (1680392)
          wellll don't take this the wrong way but in the EU we have properly designed Grid systems ;-)
    • by X0563511 (793323)

      I've got an even better idea! We could take two different metals, and mate them together, and press them against another contact. Kind of like a spring. If you machine the strip right, if it gets too hot it will flex away and break circuit contact! For extra safety, you could even design a catch system so that it can't automatically re-engage when it cools back down.

      Now I just need to come up with a good name for these things.

    • by mjwalshe (1680392)

      I've just applied for a patent on a device I call a "fuse". You can put arrays of them in a thing I call a "fuse box". They prevent too much current from passing along a wire.

      Would not getting a belt of a 415 V line likely to discourage individuals and possibly induce auto dawination. Fast charge stations might well be pushing a lot more volts and amps than 415.

      In many third world countries people die (if they are lucky quickly) when they try and tap into the power system quite regularly.

  • Stop the FUD (Score:5, Insightful)

    by wbr1 (2538558) on Friday April 12, 2013 @05:42AM (#43430761)
    A hacker could just as conceivably shut down the computer or payment system in a traditional gas station rendering it useless. Or disrupt the credit authentication system. Or a terrorist could bomb them.
    Just because it's an EV does not make it or its infrastructure any more or less susceptible to an attack of some kind. To say otherwise just discourages people from looking at it as an alternative and is FUD.
    • Re:Stop the FUD (Score:5, Insightful)

      by JaredOfEuropa (526365) on Friday April 12, 2013 @06:03AM (#43430801) Journal
      Apparently there's adequate security on computers at gas stations and credit card companies. The point is that EV charging points do not have adequate protection, making them an obvious target. The same concern was voiced about smart meters / smart appliances, and experts claim that by switching a great many high power equipment (EV chargers, dryers, solar panel inverters) on and off in a certain coordinated way, one can seriously mess up the grid.
      • by Lumpy (12016)

        Mostly because they all have cablemodems on them and use telnet with a root password of 12345

        "Not secure" as in they don't have an armed guard near them? They are as secure as a power substation that if you simply start shooting out insulators can cause a LOT more problems with the electrical grid than 10 car charging stations could.

        • by khallow (566160)
          Why have a "smart charger" at a service station? That would probably be always on due to the high demand and fast charge times required. I think what they're talking about is individual chargers in homes and businesses. You'd plug it in overnight and take advantage of relatively cheap night power.

          Let's say in the US that a few hundred million of such chargers in a "smart grid" decided to pull current at the same time, that would probably trigger most current restricting safeties on the entire national gr
          • Re: (Score:2, Insightful)

            by Anonymous Coward

            "A few hundred million of such chargers"??? Wake me when there ARE a few hundred million EV smart chargers in the US. Once I get done celebrating I'll help you secure them.

            A large portion of EVs (including my Leaf) are recharged today using nothing more sophisticated than the brick that came with the car and a 120v outlet in the owner's garage.

          • If you're worried about running out of fuses, use circuit breakers wherever it's feasible

          • by Lumpy (12016)

            Smart Charger.... you keep using that word.. I don't think it means what you think it means.

            "Smart chargers" don't connect to the internet and then a global system for management. Smart charger means it knows how to stop charging and switch charging modes based on load draw and voltage spikes as well as feedback from the battery. If you think they put in an internet connection to every single "smart charger" I strongly suggest you actually read up on the subject.

            • by Darinbob (1142669)

              When they are networked, they're not connected to the internet. Now maybe you can hack into the utility or hack onto the private network, but it's not going to be easy to take these over en masse.

        • by Darinbob (1142669)

          I've got this controller box I was working on this week designed to connect to grid capacitor banks. One of the LEDs that pops up is labelled "low pressure". I was wondering what this was for, then I realized that it might be relatively common for people to shoot at the capacitors, transformers, and other tempting targets stuck on the top of poles. If you drive in the country it doesn't take too long to find a stop sign with a bullet hole in it. I've seen wireless access points and utility boxes that ha

      • by Nadaka (224565)

        As someone who worked at a gas station in college while I was getting my cs degree? Your "insightful" mod is not appropriate. Their computers have abysmal security.

      • by lorenlal (164133)

        So, for the sake of argument, let's assume those computers are "secure enough." Let's also assume that these new fangled fuses, or whatever, are installed, and we have a dead-simple meter for measuring how much electricity is actually being used.

        I'm wondering what the impact would be if someone did indeed try to compromise the station. Is it unreasonable to think the station (or pump) would be affected, hopefully by being shut off? Let's compare that to a gas station and a match.... Much bigger impact.

      • by Anonymous Coward

        Apparently there's adequate security on computers at gas stations and credit card companies.

        If by "adequate" you mean "no", well then yes. I managed three gas stations for two years and I can tell you the "security" is entirely composed of humans earning close to minimum wage. Most of them are stoned part of the day.

        The point is that EV charging points do not have adequate protection, making them an obvious target

        How exactly do you expect me to provide more "protection" to my charging point (which is in m

      • So i guess people don't turn on a great many devices in their own homes in a "certain way"?
        It's been happening since electricity was commercialized and sold. It's called brown outs. Last time I checked, the grid isn't a smoldering mess because of it.

    • by geekmux (1040042)

      A hacker could just as conceivably shut down the computer or payment system in a traditional gas station rendering it useless. Or disrupt the credit authentication system. Or a terrorist could bomb them. Just because it's an EV does not make it or its infrastructure any more or less susceptible to an attack of some kind. To say otherwise just discourages people from looking at it as an alternative and is FUD.

      FUD?

      On the technology that stands to disrupt companies that profit at a rate of $1,000 per second?

      You don't say...

    • by Drewdad (1738014)
      Researchers have discovered a substance known as "gasoline" that is commonplace at convenience stores. It is toxic and highly flammable, and could easily be used to create improvised incendiary devices...
    • When I RTFAed, the impression I got is that the charging stations cooperate with one another and trust one another. That is, one charging station can influence the behavior of others. Furthermore it's supposedly relatively easy to get a charging station's signing key and then impersonate that charging station. That is, I can say I'm a nearby charging station who is charging 100 cars right now, and thereby persuade other charging systems that right now isn't a good time for them to charge their cars, or c

    • by KGIII (973947)

      Just because it's an EV does not make it or its infrastructure any more or less susceptible to an attack of some kind. To say otherwise just discourages people from looking at it as an alternative and is FUD.

      Pointing out potential security flaws is FUD to you? You know where you are, right? This is /. and we're huge proponents of disclosure and many of us are even fans of public disclosure. If we find a security flaw we're going to let you know and if you don't do anything about it we're going to let the world know.

      You reek of zealotry. This isn't FUD if it is true. Knock the sand out of your vagina and man up. We don't care if it is your favorite flavor of ice cream, if we find a flaw we're going to want it fi

  • by geekmux (1040042) on Friday April 12, 2013 @05:44AM (#43430763)

    When all one needs is a match to cause chaos at any one of the 100,000+ gas stations across the country, it seems rather strange that we're raising the physical security flag on this. Not saying he doesn't have a point, just seems to wash out when looking at what you could do today with so little.

    My house is connected to the electrical grid, and yet for some reason (safety design perhaps?), I highly doubt I could take out a city block from my bedroom outlet.

    • Please tell that to all the suicidal folks who smoke in gas stations.
    • by Joce640k (829181)

      I highly doubt I could take out a city block from my bedroom outlet.

      You're not trying very hard.

      The trick is to put something *into* the wires. Something like a Marx generator should do the trick.

    • A match at a current gas station will shut down the gas station and a small evacuation area around it.
      Doing this at an EV station, would take out all the houses and businesses in a massive area around it including possibly the hospital several blocks away..etc.etc.
      Maybe even an entire city, and all the EV stations therein.
      See the problem now?

      • by Anonymous Coward

        A match at a current gas station will shut down the gas station and a small evacuation area around it. Doing this at an EV station, would take out all the houses and businesses in a massive area around it including possibly the hospital several blocks away..etc.etc. Maybe even an entire city, and all the EV stations therein. See the problem now?

        Yes, I do.

        An electrical engineer needs to be fired.

        Electric grids are not new. Neither are the safeties built in, and no attack at a damn gas station should be able to take out a hospital, which also usually has its own backup power.

        • It's not the electrical engineers; it's the software guys. The scenario isn't that an attacker shorts something out; it's that he tricks machines into thinking there's a higher risk of shorting something out (or conceivably: brownouts from overuse).

          You can build an electric grid as reliably as you want, but if my software doesn't believe you, and decides to draw lower power when it mistakenly thinks others are drawing more power than they really are, then my software can be DoSed.

          You just fired the wrong

      • by nukenerd (172703)

        A match at a current gas station will shut down the gas station and a small evacuation area around it.

        Small? In the UK the police are inclined to shut down vast areas around even minor fires. Elf and safety you know.

    • by Joce640k (829181)

      When all one needs is a match to cause chaos at any one of the 100,000+ gas stations across the country, it seems rather strange that we're raising the physical security flag on this.

      Nothing strange about it, they're after a budget allocation and some new offices so they can deal with the menace more effectively.

    • by gigaherz (2653757)
      Your outlet isn't giving out over 10KW of charging power, though.
    • by X0563511 (793323)

      The difference is the 'fear of the unknown' at play. Most people understand fuel and fires. Those that do not, typically do not live long enough to breed.

      Electricity, however, is one of those newfangled things you can't see. Shit like that's just ain't no natural.

  • by gigaherz (2653757) on Friday April 12, 2013 @05:46AM (#43430765)

    [...] in order to prevent attackers from accessing and tempering with them, [...]

    temper /tempr/ Verb: Improve the hardness and elasticity of (steel or other metal) by reheating and then cooling it.

    How does this relate to EV chargers and why would it be important to prevent people from using them for this task?

    • by gigaherz (2653757)

      Hint:

      tamper /tampr/ Verb: Interfere with (something) to cause damage or make unauthorized alterations.

    • by gl4ss (559668)

      well.. if there's free electricity you can use it for tempering, by using the electricity for heating them, if enough people are doing this then others can't charge their vehicles and they get stuck.

      and twenty years ago the same guy probably announced that we're doomed because protesters could go and set gasoline stations on fire and then people wouldn't have a place to go to get gasoline.

  • Wrong venue (Score:3, Insightful)

    by aquabat (724032) on Friday April 12, 2013 @06:03AM (#43430803) Journal
    I think you have accidentally posted this piece to the wrong site, sir. There are too many people here who have a clue for your tactic to work. I suggest you try "SeekingAlpha" or "Forbes", if you want to manipulate a market more effectively.
    • Seeking Alpha has just now become Seeking Clicks..., authors get paid by the number of visits to their articles, so they churn out as much crap as they can with sensational titles, and as long as you click on it, cha-ching for them.

    • Post it to ZeroHedge, and mention Obama in the headline. They'll be tripping over each other to buy your gold at $1800 in no time...

  • Why bother crippling the grid by hacking chargers when they could just hack it directly [cnet.com]
  • How appropriate (Score:5, Interesting)

    by dkleinsc (563838) on Friday April 12, 2013 @07:03AM (#43430933) Homepage

    A few days ago, Bruce Schneier launched the Sixth Movie Plot Contest [schneier.com], with the goal of creating catastrophic but plausible things that "cyberwarriors" and evil hackers could do to destroy America. There are some fascinating ones, that's for sure, but the real point is that if you try to defend against everything that could happen, you'll waste most of your efforts.

  • What could possibly go wrong with petrol/gas pumps ?
  • Isn't there a simple answer to this, DON'T MAKE THE STUPID CHARGING STATIONS REMOTELY ACCESSIBLE. There has to be ways to make sure the stations aren't putting too much strain on the power grid without tying them into some massive (insecure) control structure. Maybe wire them all into a single meter, and have the meter act as a smaller network letting the group of stations use a certain amount of power depending on the time of day. For personal chargers utilities could give homeowners a bill credit if th

    • " For personal chargers utilities could give homeowners a bill credit if they only charge their cars between specified times. "

      This exists in some areas, or did 20 years ago when I lived in MD. They implemented time of use rates, which meant that electricity used in the middle of a summer day was (back then) 18c/kWh, but at night was 2.9c/kWh. There were shoulder periods, too. And the charges/hours differed in the winter.

      In addition, they would give you a $10 credit for an A/C cutoff box and $5 credit for

    • The point is when the high capacity rapid chargers are widely deployed, if they all began rapid charging at the same time the voltage drop and current surge on the grid would cause an automatic circuit trip. Likewise if charging stations were all running by a staggered start, the grid's power stations would ramp up power output, then if you stopped charging all of the stations at the same times the power stations would over-rev and automatically shut-down. Now consider if the grid sub-stations were hacked

  • The web-servers are being hacked mostly to send spam. I do not see why would one want to hack remotely into a charger.
  • by jonr (1130)

    Nice try, Exxon FUD department...

  • by Anonymous Coward

    Hackers could use paper clips to cause the Earth to fall into the sun....

  • Imagine if we didn't have to worry about some ding-dong breaking things just because they could. We would have pneumatic tubes to every house, kitchen lasers for cutting would be commonplace, and small nuclear reactors in our back yards
  • ... except with an axe. This is why we should all switch to four legged power and methane scoops for the pooping area. I submit, this is the greatest idea ever conceived since the wheel.
  • by Enry (630) <`enry' `at' `wayga.net'> on Friday April 12, 2013 @10:08AM (#43431819) Journal

    Hackers could abuse ______ to _____ a/the ____.

  • by sesshomaru (173381) on Friday April 12, 2013 @10:11AM (#43431849) Journal

    We should stick with nice, safe, harmless gasoline.

    Totally harmless... [youtube.com]

  • by Anonymous Coward

    That a terrorist couldn't abuse the wide variety of locations which contain thousands of gallons of highly flammable liquid?

  • Just think if 10% of the population have electric vehicles, coming home at the end of a hot day in the middle of summer, and then all dutifully plugging in their cars to the grid at roughly the same time.

    Most regions have issues where they reach peak energy production at times during the summer so I can't imagine how much more load hundreds of thousands of electric vehicles will have. Remember that no gas car is consuming electricity today so every new electric vehicle that plugs in is an added burden to a

    • Just think if 10% of the population have electric vehicles, coming home at the end of a hot day in the middle of summer, and then all dutifully plugging in their cars to the grid at roughly the same time.

      Believe it or not, the utility and automotive industries are well aware of these issues. A lot of work is being done to anticipate the possible rise of electrical vehicles, integrate them with the smart grid, etc. etc.

      Incidentally, winter peaks are going to be more challenging than summer, because they happen later in the evening (compare slides 30 [summer] and 31 [winter], here [google.com]).

  • by John Jorsett (171560) on Friday April 12, 2013 @12:00PM (#43432927)

    This brings to mind something else I've been wondering lately. Are the new electric meters that are going in capable of disconnecting service by remote command? If so, I'd think that would be an even juicier target for hacker disruption.

    • by Darinbob (1142669)

      We should just get rid of electricity overall. It has too many potential ways of causing harm.

  • Many manufacturers need a license to put anything controllable on the Net. Devices need to be certified that they are not openly hackable or a danger sitting out there in the big wide world....
  • Just use IPv6 on the devices.
