As bad as this may seem, and not to try to downplay it, this seems like a good time to remind people that this kind of vulnerability isn't limited to cars charging at public spaces. Any time you connect devices to anything in a space you don't control, you're vulnerable. That goes for public wifis (many of which are just businesses farming your data + hacker risks), and public charging stations that could have compromised chargers with malware.
this post was submitted on 08 Jul 2023
96 points (94.4% liked)
Technology
59358 readers
7317 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Also, people have been putting skimmers and other things on gas pumps for a loooong time and stealing credit cards.
Can confirm. I had my CC skimmed at a gas pump before I bought my EV.
The thing is, I have only used public chargers maybe 10 times total. 99% of the time I plug it in at home where I know no one is gonna steal my CC number.
My mom always told me I should clean public toilet seats before I sat down, otherwise I’d get an STD or something worse.
As awful as it is, this should be a wake up call that systems need to be protected and security can't be an afterthought. Ev charging stations just be money trees for corporate groups to set and forget without consequences.
I don't feel bad at all for them. I will say that the political jab is absolutely trash tier though. What kind of mongoloid berates proponents of clean energy (rhetorical).
Electrify America just can't catch a break, can they?
I mean, the one and only reason they exist was because Volkswagen got caught cheating diesel emissions tests. As part of their punishment, they were required to create an ev charging network, and it seems they've been dragging their heels the whole time, trying to make it fail.
They work reasonably well, and with our ID.4 it comes with 3 years of free 30 min charging sessions with E.A. That got us from Dallas to California and back.
You mean like all the cars skimmers already found at pay at the pump systems or ATMs? Shocking.
Recalls that at least one brand of EV charger has no screens or keypads and works completely off vehicle hand shake or app unlock, has high uptime from constant monitoring.. Can’t remember the name… hmm
Expecting all network operators to do that is not feasible or reliable. Tesla controls the car, protocol, charger, and payment processing. Everyone else outside the walled garden is openly handling a much bigger market with many more variables in more countries. Forcing customers to use an app for each brand of charger is also an accessibility nightmare. Fear mongering about skimmers is a dumb reason to remove traditional payment methods.
This is all before we get to the lack of screen or keypad means fuck all to security (it's also an accessibility issue to remove them). If I can break into a Tesla charger wirelessly and fuck with your car, I'm going to do it, walled garden or not. Just look at the state of IoT.
EDIT: This comment aged well https://thedriven.io/2023/07/18/tesla-supercharger-spotted-with-credit-card-reader/
Tesla controls the car, protocol, charger, and payment processing.
They support CCS as the protocol
Everyone else outside the walled garden is openly handling a much bigger market with many more variables in more countries.
Tesla has more cars than just about all the rest of the market.. Name a charing provider that operates in a country tesla does not?
Forcing customers to use an app for each brand of charger is also an accessibility nightmare.
Funny enough a large number of these charging providers require that ON TOP of having poor monitoring and security for the charging terminals.
Fear mongering about skimmers is a dumb reason to remove traditional payment methods.
Didn't really suggest removing them, I pointed out it is already an issue at nearly all gas stations. Not a new problem.
If I can break into a Tesla charger wirelessly and fuck with your car
Already started to happen with ICE cars back in 2015 are already vulnerable to wireless exploit, no charging network or gas station needed. At least with a Tesla you get quick wireless security updates, no waiting for a recall notice and trip back to the dealer.
They support CCS as the protocol
CCS is is only supported through a PLC translation chip on the vehicle side or a rare Magic Dock adaptor, and only when one side is non-Tesla. Outside of that, CCS is not a factor and the proprietary 11bit CAN bus protocol is used natively. Hence, Tesla controls every side of the equation on their protocol and payment processing without having to communicate with 3rd parties.
Name a charging provider that operates in a country tesla does not?
ABB chargers in India
Tesla you get quick wireless security updates, no waiting for a recall notice and trip back to the dealer.
This isn't new or innovative. OTA updates for cars have been around years before EVs. But usually those don't stop the car from starting then still be towed to said dealer because the update wasn't properly tested or have fallbacks in case of failure.
Point is, shit is going to happen across the board for everyone and Tesla is NOT some golden child. It'll just be another Apple case where dumb security claims get touted until hackers bring them down a peg or two.
CCS is is only supported through a PLC translation chip on the vehicle side or a rare Magic Dock adaptor, and only when one side is non-Tesla.
In the US, in Europe they have the CSS2 plug, and owners of other cars can use the Tesla App to charge at super chargers. (if we are talking globally not just NA)
ABB chargers in India
The do have superchargers there, but they aren't active due to the hang up of selling cars there. Would argue that Tesla operates a reliable charging network in more countries than any other charging network does currently.
Point is, shit is going to happen across the board for everyone
Yep, it just sounded like you were suggesting this was an EV thing or a Tesla thing.. It isn't everyone needs to do better at security.
Going back to the main topic. It seems odd that so many "dedicated" charging providers SUCK at being charging providers.
/c/ABoringDystopia
I don't know. If a hacker in a 90's movie did this it would a cool trick to impress everyone. He'd tell everyone about it in his introduction speech, and later on he'd do it in the background for comedy relief.
view more: next ›