Hackers target electric car chargers

(Image credit: Shutterstock)

Criminals could be hacking into connected car chargers gain access to home networks, according to new warnings.

Research from Kaspersky Lab has found that the chargers supplied by an (unnamed) major electric vehicle (EV) vendor carry vulnerabilities that can be exploited by cyberattackers. 

Kaspersky Lab found that, if compromised, hackers could access the Wi-Fi network and alter the power usage to overload the connected charger, causing a surge that could take down its network.

As many EVs and their chargers are connected to private home networks, the likelihood is that the security protections are likely to be lower than a business network. Having gained this access, hackers could find the charger’s IP-address, allowing them to exploit any vulnerabilities and disrupt operations, such as disabling or damaging the vehicle or any others connected to the network.

EV charging security

“It’s very easy to forget that in a targeted attack, cybercriminals tend to look for the least-obvious elements to compromise in order to go under the radar and remain unnoticed," said David Emm, Principal security Researcher at Kaspersky Lab.

"For this reason, it is important not only to investigate unresearched technical innovations, but also to look for vulnerabilities in accessories. Vendors must be very careful with connected vehicle devices, and initiate bug-bounties or ask cybersecurity experts to check their devices. We were fortunate in this case to have a positive response and a rapid patch of the devices, which helped to prevent potential attacks."

The company says it reported the flaws to the affected carmaker, and that these have now been patched, but still recommends regular updates to all your smart devices, and changing passwords from the default.

Kaspersky Lab added that it recommends users isolate the smart home network from the network used by your or your family’s personal devices for basic Internet searching. This is to ensure that if a device is compromised with generic malware through a phishing email, your smart home system won’t be affected.