
Wallbox and Project EV charger owners urged to install updates

I'm surprised at how many of these wall-boxes use Raspberry Pi [Mini]s for their control. On one hand it's cheap, relatively versatile, and easy to program but largely seems overkill for the job in hand.

Keep meaning to yank the microSD card out of the one in my EO Mini and see how they've set it up.

I've been using the charge lead that came with the car for 6 years without any problem (connected to a 32A Commando socket) so fancy connection boxes really aren't necessary.
Main advantage is current limiting and charge scheduling more than anything else, I think. Also mine is turned off when there's no one home so someone can't casually park on my drive and fill their car up from my tap.
 
This seems a bit of a non-story. As I understand it, in one case there is a vulnerability on the charge point itself if the WiFi network to which it’s connected itself has some poor security; and in another the charge point back-end had some weak security on its web svc api that the manufacturer has already fixed.
 
Cheap way to get a system out to market without the need for skilled engineers. The same reason you see ATMs running Windows :eek:
I don't see any advantage for a small volume product in integrating your own processor on a board. Sure there is a small cost saving possible if you integrate everything on a single PCB and don't fit the components you don't need, but the generic boards are built in high volume and have plenty of small details to catch people out.

Chargepoint developers seem to cut corners everywhere though.
 
This seems a bit of a non-story. As I understand it, in one case there is a vulnerability on the charge point itself if the WiFi network to which it’s connected itself has some poor security; and in another the charge point back-end had some weak security on its web svc api that the manufacturer has already fixed.
I agree it’s a bit of a non-story. Any kind of device that you connect to a network should be kept up to date with security updates if they are available and if there is a default admin password, change it.

This kind of thing happens quite often; it’s just that it doesn’t usually appear on a general news site. A vulnerability is found in a system and the manufacturers are informed and are given time to correct it before the details of the vulnerability are made public.
 
I wouldn't say it's a non-story; it's a computer connected to your home network and sat outside your house. Those running Raspberry Pis I expect are running some build of Linux and so could be loaded with all kinds of network scanning, remote access, and brute force tools, all whilst breaking the built-in update process and silently attacking your network.

The only reason it's unlikely to be exploited is due to the low number of installed units.

Home routers really need to up their game and start allowing devices to be isolated from the internal network whilst still allowing internet access.
 
I don't see any advantage for a small volume product in integrating your own processor on a board. Sure there is a small cost saving possible if you integrate everything on a single PCB and don't fit the components you don't need, but the generic boards are built in high volume and have plenty of small details to catch people out.
I agree, but running a full Linux stack, which probably hasn't been hardened correctly, is just asking for trouble, runs the risk of frequent updates required to keep up to date with security vulnerabilities, and those updates can be large/complex, which increases the risk of failed updates/bricked devices.