I recently installed a Pod Point home charging station, and at the end of the process I was asked to connect the Pod Point charger to my home wifi network. As a security practioner, I couldn't help but wonder what the security implications would be. Pod Point reassured me that no personal data would be passed across the network but what worried me is that the charging point is open to be hacked via its onboard wifi access point.
As I searched Google for more information, the only security related information I could find dates back to 2013. Since then more than 15 times as many electric vehicles have been sold, however are the charging point companies taking cyber security seriously? With more than 1 million charging points predicted to be required by 2020, this should be on their agenda.
In a video recorded at Hack In The Box 2013 Amsterdam and posted courtesy of Help Net Security, Ofer Shezaf, founder of OWASP Israel, talks about the lack of security in these charging stations, which often amount to little more than a computer sitting behind a key-lock panel on the street. For three years, Shezaf, an application security expert, worked for a company that makes infrastructure for the car-charging stations. The equipment in a charging station typically includes these components, he says: Main board; Communication equipment to connect with a central server and, often, with the internet; An RFID card reader that lets users identity themselves and begin charging their cars; and Electric components, such as a circuit breaker to protect from electrocution and a meter to measure the amount of electricity consumed.