{"id":20652,"date":"2018-01-09T09:00:26","date_gmt":"2018-01-09T14:00:26","guid":{"rendered":"https:\/\/www.kaspersky.com\/blog\/?p=20652"},"modified":"2019-11-15T06:42:34","modified_gmt":"2019-11-15T11:42:34","slug":"electric-cars-charging-problems","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com\/blog\/electric-cars-charging-problems\/20652\/","title":{"rendered":"Don’t be sure charging your electric car is secure enough"},"content":{"rendered":"

During the past five years, electric cars have made an incredible journey, from seeming a bit futuristic and impractical to being something that you want to own. With prices having decreased significantly, the number of electric cars sold hit 2 million by the beginning of 2017<\/a>, and it is still growing. The infrastructure for electric cars is developing rapidly, so charging stations in your neighborhood don\u2019t look so odd anymore, either.<\/p>\n

But, as usually happens with a rapidly developing economic opportunity, manufacturers are jumping into the competition, trying to get as big a piece of the market as they can, and not thinking too hard about what happens next. Of course, we\u2019re talking about security. Not safety, in this case \u2014 an electric charger is unlikely to injure you \u2014 but cybersecurity. Existing implementations of the basic concept \u2014 paying and charging \u2014 aren\u2019t very concerned about the sanctity of your personal data and money. Mathias Dalheimer raised this issue at the thirty-fourth Chaos Communication Congress<\/a>, in his talk about the vulnerabilities of the electric car infrastructure.<\/p>\n

How the charging actually works<\/h2>\n

As the number of electric cars grows, so does the number of charging stations, where station providers receive money in exchange for providing energy. For those transactions, they need a built-in billing system. Before you can start charging your car, you need to identify yourself using your charging ID token, a special near-field-communication (NFC)<\/a> card that is associated with your account.<\/p>\n

The billing for electro mobility is normally carried out using the Open Charge Point Protocol, which regulates communications between billing management systems on one end and the electric charging point on the other end. The charging point sends a request identifying you to the billing system; billing management approves the request and lets the charging point know; and the station lets you start charging. Afterwards, the amount of electricity is calculated and sent back to the billing management system so that it can bill you at the end of the month.<\/p>\n

Nothing surprising or even really new there, right? Well, let\u2019s take a closer look and see where the problems begin.<\/p>\n