Published on December 26th, 2018 | by Nicolas Zart0
Kaspersky Lab Finds Vulnerabilities With Connected EV Chargers That Can Be Used To Hack Home Networks
December 26th, 2018 by Nicolas Zart
It took longer than expected, but connected EV home chargers are showing their potential danger in an era of the Internet of Things (IoT). Kaspersky Lab has reported finding a serious flaw for home networks with connected EV chargers.
If we were aware of all the potential vulnerabilities of always-on connected devices, technology companies and the digital industry may still be in their infancy. The price we pay for convenience often hides more sinister problems, especially related to security and vulnerability.
The latest news comes just in time for my 2019 New Year resolution to focus on design, security, and autonomous platforms.
Now that EVs are here to stay, security is the big, huge, white elephant in the room. Downplayed by the relative secrets we have at home, the real threats lie with loss of material and ransomware, which can cost a lot of money.
According to Green Car Congress, Kaspersky Lab has found a connected EV charger from a major vendor is vulnerable to cyberattacks. This means potential home network damage.
The good news is that, thankfully, electric vehicles (EV) are better tested today for vulnerabilities than a decade ago, according to the LA Automobility sessions we attended this year. Automotive security is taken more seriously by the industry.
Should EV Homes Use Firewalls With Connected EV Chargers?
You bet! Any network without firewalls and first-line defense is asking for trouble. The first connected utility smart meters highlighted the potential threats of an attack despite being kept from public scrutiny. Connecting EV chargers to a home network, wired or wireless, opens it to attack vulnerabilities.
It’s easy to think there is little to steal from our home networks and our digital systems. However, they can be hacked, enlisted in attack farms, and even become ransomware. This can cost a lot of money.
Kaspersky is a Russian security IT company making a strong push in the automobile security world. It was able to stop the charging processor of the EV charger and set it to the maximum current possible. The first option stops charging an EV, but the latter is dangerous. A power overload can bring down a home network or even cause a potential fire, which comes with financial consequences of course.
The problem with most wireless networks is the weak security shipped by default. Add to this artificial intelligence (AI) devices and hackers can access simple passwords. Kaspersky Lab found that 94% of attacks on IoT in 2018 came from Telnet and SSH password brute forcing, the act of guessing simple passwords. Once inside a wireless network, a charger’s IP address can be exploited to disrupt operations.
Green Car Congress says the vulnerabilities were reported to the vendor and have now been patched.
Security In An Era Of Always-On Connected Life
There are simple measures to take to better protect yourself. Kaspersky recommends regularly updating all smart devices to the latest software versions. (We further recommend reading the fine print of these updates. They are not always security oriented and can include future potential vulnerabilities. Updates patch previous vulnerabilities, not future exploits.)
It’s hard to imagine why anyone would use the default password for connected home devices, but it happens regularly. Commit to memory a strong password. Don’t write it or them down. There are open-source password vault systems available that have decades of updates. I value open-source systems, for which code is open for all to see and fix. Millions of coders fix problems faster than the closed-source industry can anticipate.
Don’t use the same password for several devices. Use a complicated root password and make several unintuitive changes to it depending on which devices you use. The more you think outside the box, the more difficult for hackers to predict your habits.
Compartmentalize your home network. Divide and keep your home network from your external devices. Use your Firewall DMZ feature. Compartmentalizing your home network is easier than it sounds. It just takes a little thinking and planning for a smoother experience.
Making Sense of Convenience and How To Use Security Intelligently
One thing came to light at LA Automobility 2018. The automotive industry is now serious about security. Our EVs and AVs are highly connected, and their weakest point is how we use (or overuse) convenience.
I run Linux and BSD Unix computers at home. 99% of the Internet uses those platforms for a reason. They are easy to use these days and much more secure than other alternatives. They come with hardened, tried and true security systems developed through decades of open and accessible updates. Also, it doesn’t hurt to understand how hackers think and behave.
We’ll revisit these topics and more on CleanTechnica in 2019 as I complete several security-related interviews.
IAPP, an association of security professionals.
MyCroft, an open-source AI voice assistant.
And of course, good old Wikipedia: Open Source Software Security.