
Security Vulnerabilities in EV Charging Stations

cheeztoshobo
15 minutes ago, FrozenIpaq said:

3-4 hours of driving each way can be seen as a regular thing to do on a Friday night and come back on a Sunday

Ya, that's not a regular thing for most people and if it is for you then you need a vehicle that's suitable.  Not everyone needs an EV but I'd recommend it if it fits your use case. 

 

To the main topic, no, I wouldn't worry about that.  It's like people claiming to access aircraft systems through the onboard WiFi or entertainment system, it just doesn't work that way.  

 

Most lvl3 stations are app based, the attack vector is through the app servers or your phone, the last place you're going to try is through the chargers and to what intent? I'd be more worried about people stealing the copper from them.  

 

EVs are becoming very popular, even in the colder north and more rural settings so expect more unsubstantiated shade being thrown from those loud angry internet denizens. 

 

Personally, I absolutely love my lightning and the next car will be an EV.

 

 

 

 


1 hour ago, FrozenIpaq said:

 

I'm assuming cooky might be in the US. If that's the case, it's fairly regular for people to take weekend trips to see relatives or a second house (think vacation house if you have money) over the weekend and cover it in that amount of distance - 300 is a bit much on that scale though but usually 3-4 hours of driving each way can be seen as a regular thing to do on a Friday night and come back on a Sunday. 

 

Yep, in the summer for sure. That was my childhood, lol. We didn't have a cottage, but went camping a lot.

 

Edit: Probably more like 2-3 hours each way for me. But I knew many who did 3+ hour drives to the cottage regularly.


22 hours ago, wanderingfool2 said:

I always have issues with videos that use AI generated voices and don't really provide sources or technical writeups.

Same


WHERE ARE MY SOURCES?

PLEASE QUOTE ME IF YOU ARE REPLYING TO ME

Desktop Build: Ryzen 7 2700X @ 4.0GHz, AsRock Fatal1ty X370 Professional Gaming, 48GB Corsair DDR4 @ 3000MHz, RX5700 XT 8GB Sapphire Nitro+, Benq XL2730 1440p 144Hz FS

Retro Build: Intel Pentium III @ 500 MHz, Dell Optiplex G1 Full AT Tower, 768MB SDRAM @ 133MHz, Integrated Graphics, Generic 1024x768 60Hz Monitor


 


23 hours ago, OhYou_ said:

Tesla encrypts the communication between charger and car, also being the only car to transfer technically payment info over the cable. 

Where do you get the notion it does this?  No need to send payment information when it can just communicate something as simple as the VIN number/account name (at which point Tesla's backend servers know which vehicle it is and whose account to charge).  The payment information was already setup before, so it does not need to be transferred...even to the chargers themselves they don't technically need to deal at all with credit cards.

 

22 hours ago, Bombastinator said:

Hydrogen is the only thing we got right now that has the speed of refueling and energy density needed long term

Energy density doesn't quite work though (unless you start talking like Semi level or large vehicles).  The conversion from hydrogen to electricity takes up a large amount of space, and it's a slower reactive technology as well which means you still need a battery (lot smaller) to store the brake energy and hydrogen energy if you start accelerating quickly.  So when you start dumping all that into a vehicle the weight becomes quite a bit (the reason I discount burning hydrogen is that it's inefficient to the point that I don't think it ever would even compete).

 

To put it in perspective, the Mirai has the same weight as EV's of similar size.

 

5 hours ago, LAwLz said:

Again, maybe this is just me being Swedish and it's a cultural thing, but I genuinely can't imagine a world where someone has to regularly take these very long trips regularly and the car is the best method of transportation. In my world, these trips are very rare and if they do occur we don't use cars. Not to mention that the whole "let's drive for 5 hours straight" is just not something I think anyone should do, regardless of how much range your car has. People are not able to focus for that long.

Land density and distance between cities.  You end up having a bunch of for example farm land in the US and Canada....or if let's say I wanted to visit my family back east as a road trip...it would be equivalent of driving around all of Sweden twice.  In general we are a whole lot more spread out between cities.  If I want to visit some friends in the interior their place would be about 3.5 hours at mostly highway speeds away.  Although in that case an EV still works.

 

4 hours ago, FrozenIpaq said:

but usually 3-4 hours of driving each way can be seen as a regular thing to do on a Friday night and come back on a Sunday. 

The thing is a 3-4 hour drive is achievable on EV's.  Not a 300 mile one, but I think Cooky would have to be an outlier there.

 

For, I think, the majority of people when EV's don't make sense is when they have no easily accessible power to plug in during work/home.  If you do have a work and home charging, the majority can get away with even 120v15a outlets...if it's just at home if you get a 240v 20a outlet installed it can even provide enough power for people who do weekend excursions that drain the battery.

 

20 hours ago, Bombastinator said:

Canadian winters don’t enter.  The range reduction ev batteries suffer happens in even a regular winter.  It’s about a third

I think the newer Tesla's with the heat pumps are said to only lose about 15% capacity.  Either way, with the range of EV's these days (the long range models, which are admittedly still expensive) likely fits the overwhelming majority of people's needs (if you exclude those who can't charge at home)

3735928559 - Beware of the dead beef


5 minutes ago, wanderingfool2 said:

Where do you get the notion it does this?  No need to send payment information when it can just communicate something as simple as the VIN number/account name (at which point Tesla's backend servers know which vehicle it is and whose account to charge).  The payment information was already setup before, so it does not need to be transferred...even to the chargers themselves they don't technically need to deal at all with credit cards.

 

Energy density doesn't quite work though (unless you start talking like Semi level or large vehicles).  The conversion from hydrogen to electricity takes up a large amount of space, and it's a slower reactive technology as well which means you still need a battery (lot smaller) to store the brake energy and hydrogen energy if you start accelerating quickly.  So when you start dumping all that into a vehicle the weight becomes quite a bit (the reason I discount burning hydrogen is that it's inefficient to the point that I don't think it ever would even compete).

 

To put it in perspective, the Mirai has the same weight as EV's of similar size.

 

Land density and distance between cities.  You end up having a bunch of for example farm land in the US and Canada....or if let's say I wanted to visit my family back east as a road trip...it would be equivalent of driving around all of Sweden twice.  In general we are a whole lot more spread out between cities.  If I want to visit some friends in the interior their place would be about 3.5 hours at mostly highway speeds away.  Although in that case an EV still works.

 

The thing is a 3-4 hour drive is achievable on EV's.  Not a 300 mile one, but I think Cooky would have to be an outlier there.

 

For, I think, the majority of people when EV's don't make sense is when they have no easily accessible power to plug in during work/home.  If you do have a work and home charging, the majority can get away with even 120v15a outlets...if it's just at home if you get a 240v 20a outlet installed it can even provide enough power for people who do weekend excursions that drain the battery.

 

I think the newer Tesla's with the heat pumps are said to only lose about 15% capacity.  Either way, with the range of EV's these days (the long range models, which are admittedly still expensive) likely fits the overwhelming majority of people's needs (if you exclude those who can't charge at home)

I wasn’t referring to “non engine” hydrogen but to hydrogen in general.

 

The Tesla thing is real possible that stuff is battery chemistry based.  Change the battery chemistry you change that number.  AFAIK teslas had heat pumps for a much longer time.  Possibly always.  It’s just the Leaf where it wasn’t standard till recently.  I wasn’t warned about it being an issue for Teslas.  I had planned to get a used Y, but they were almost twice what new ones cost which is the opposite of how it normally works.  So they were out and I wound up with a Leaf as that was the other electric car with a decent range I can fit in. (The irony is the mini is roomier than both of them.  Fairly counter intuitive, but it’s great for big/tall people.  Penn of Penn&Teller drives one)

Edited by Bombastinator

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


7 minutes ago, wanderingfool2 said:

VIN number/account name (at which point Tesla's backend servers know which vehicle it is and whose account to charge).

tesla is not stupid. the data is encrypted, otherwise hundreds of people would just spoof it and charge for free. 

the charger probably does not use the vin, but a UUID from the car to know what car it is and account it is tied to. 

it isn't directly payment info but it is info that can be used to pay for something, ie replay your info to another charger to charge on your account a different car. 

 


9 minutes ago, OhYou_ said:

tesla is not stupid. the data is encrypted, otherwise hundreds of people would just spoof it and charge for free. 

the charger probably does not use the vin, but a UUID from the car to know what car it is and account it is tied to. 

it isn't directly payment info but it is info that can be used to pay for something, ie replay your info to another charger to charge on your account a different car. 

 

VIN is a known number though, so get a large enough sample and you can hack the encryption as long as it’s static.  I watched a guy do that in his head once for photoshop 3.5.  He did a lot of photoshop 3.5 installs.

Edited by Bombastinator

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.


12 minutes ago, OhYou_ said:

tesla is not stupid. the data is encrypted, otherwise hundreds of people would just spoof it and charge for free. 

the charger probably does not use the vin, but a UUID from the car to know what car it is and account it is tied to. 

it isn't directly payment info but it is info that can be used to pay for something, ie replay your info to another charger to charge on your account a different car. 

 

I never said Tesla didn't encrypt.  I was saying they don't send payment information over that link; which you clearly said was sent.  They very most likely use a VIN, because a VIN identifies the vehicle.  There was also a reason I mentioned account name, and not just VIN.

 

There would of course be other verification processes, but I don't think it's right to say that Tesla sends payment information over the cable as that has a whole different connotation to it.

 

9 minutes ago, Bombastinator said:

VIN is a known number though, so get a large enough sample and you can hack the encryption as long as it’s static.  I watched a guy do that in his head once for photoshop 3.5.  He did a lot of photoshop 3.5 installs.

They wouldn't use things like the VIN for the encryption process (literally by rule it has to be visible on the car).  They likely just exchange public keys, and communicate there (the car side likely has some certificate authority as well to check the public key given is correct)

3735928559 - Beware of the dead beef
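
The replay concern raised in this thread and the key-based exchange suggested in reply, as an added Python sketch that is not part of any post and is not Tesla's protocol, which the thread does not document: a static credential is accepted again at a second charger, while a response bound to a fresh per-charger nonce is not. `Backend`, `tag`, the IDs and the shared-key HMAC (standing in for the public-key signatures the post guesses at) are assumptions.

```python
import hashlib
import hmac
import secrets

VEHICLE_ID = b"vehicle-0001"            # constructed sample identifier
VEHICLE_KEY = secrets.token_bytes(32)   # hypothetical per-vehicle secret

def tag(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (stand-in for a signature)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()

class Backend:
    """Hypothetical billing backend that knows each vehicle's key."""
    def __init__(self, keys):
        self.keys = keys      # vehicle_id -> key
        self.pending = {}     # charger_id -> outstanding nonce

    # Weak: the credential is the same bytes in every session.
    def accept_static(self, vehicle_id, token):
        return hmac.compare_digest(token, tag(self.keys[vehicle_id], vehicle_id))

    # Stronger: a fresh nonce is bound to one charger and used once.
    def challenge(self, charger_id):
        self.pending[charger_id] = secrets.token_bytes(16)
        return self.pending[charger_id]

    def accept_response(self, charger_id, vehicle_id, response):
        nonce = self.pending.pop(charger_id, None)  # single use
        if nonce is None or vehicle_id not in self.keys:
            return False
        expected = tag(self.keys[vehicle_id], nonce, charger_id, vehicle_id)
        return hmac.compare_digest(response, expected)

def demo():
    backend = Backend({VEHICLE_ID: VEHICLE_KEY})
    # Session at charger A, observed in full by an eavesdropper.
    static_token = tag(VEHICLE_KEY, VEHICLE_ID)
    nonce_a = backend.challenge(b"charger-A")
    response_a = tag(VEHICLE_KEY, nonce_a, b"charger-A", VEHICLE_ID)
    genuine = backend.accept_response(b"charger-A", VEHICLE_ID, response_a)
    # The recorded bytes are presented again at charger B.
    backend.challenge(b"charger-B")
    return {
        "genuine_session": genuine,
        "static_replay": backend.accept_static(VEHICLE_ID, static_token),
        "response_replay": backend.accept_response(b"charger-B", VEHICLE_ID, response_a),
    }
```
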

Share on other sites

2 minutes ago, wanderingfool2 said:

which you clearly said was sent

i said "technically payment info" 
*clearly*
I was quoting the op topic which is something something "hurr durr hackers can steal your payment info from car chargers". 
Tesla being the only charger brand that can technically be classified as such. 


1 hour ago, OhYou_ said:

i said "technically payment info" 
*clearly*
I was quoting the op topic which is something something "hurr durr hackers can steal your payment info from car chargers". 
Tesla being the only charger brand that can technically be classified as such. 

It's not really payment information though, since even if it was unencrypted it would still have verification checks.  If you try claiming that the author somehow thought you could steal payment info then it's equally as bad to state that Tesla sends payment information as it's just misinforming based on what you know the person will interpret it as.

 

Also you incorrectly assume what the OP is talking about.  Lots of those charging stations have things where it's tap to pay or similar methods.  Having a vulnerable charging station that isn't Tesla actually would be a lot more impactful than a Tesla charging station because there are so many more interactions that one can do with it.

3735928559 - Beware of the dead beef


2 hours ago, wanderingfool2 said:

I never said Tesla didn't encrypt.  I was saying they don't send payment information over that link; which you clearly said was sent.  They very most likely use a VIN, because a VIN identifies the vehicle.  There was also a reason I mentioned account name, and not just VIN.

 

There would of course be other verification processes, but I don't think it's right to say that Tesla sends payment information over the cable as that has a whole different connotation to it.

 

They wouldn't use things like the VIN for the encryption process (literally by rule it has to be visible on the car).  They likely just exchange public keys, and communicate there (the car side likely has some certificate authority as well to check the public key given is correct)

They put it lots of places though.  That’s why there are “matching numbers” classic cars.  Means those parts haven’t been replaced. The “Original VIN” isn’t even the one on the dash.  It’s stamped into the frame, which usually isn’t easily visible.  Engine block as well.  Which is why you sometimes see engine replacements but not frame replacements. You change out the frame you change out the car.  There is a company that does jag restomods by finding old Jaguar frames and completely redoing them.  If the frame is ‘68 Jaguar the car is ‘68 Jaguar even if every other part is new.

Edited by Bombastinator

Not a pro, not even very good.  I’m just old and have time currently.  Assuming I know a lot about computers can be a mistake.

 

Life is like a bowl of chocolates: there are all these little crinkly paper cups everywhere.

