Charging station: a computer on the street

“Tesla Model S hacked: Researchers discover six security flaws in popular electric car.” At a time when cars are becoming more and more high-tech and connected with all kinds of management systems, the danger of them becoming targets of hackers is increasing. According to the various articles on the subject, Tesla decided to actually hire hackers to see how far they could get. Smart move, I say.

Hackers used to be viewed as people who sat in the attic all day programming. No one really seemed to pay too much attention to hackers back then. Their world already sounded complicated, and very few tried to understand it. Hacking had a relatively accepted reputation back then, and the term hacker was just a label slapped onto computer gurus who could push computer systems beyond their defined limits.

However, now that our society depends on technology more and more, hacking has become a more serious matter and the potential for hacking cars has become real. Recently, it has been reported that even electric vehicle supply equipment, better known as charging stations, has also become of interest to hackers. How? Or better yet, why?

A charging station usually consists of the following components, which together make up one ‘computer’:

  • A main board;
  • A communication unit to connect with a management system;
  • An RFID card reader;
  • The needed electrical components.

Why all these high-tech components? Public charging stations need to be able to connect with management systems to check, for example, whether a charging card is allowed to charge at that specific charging station. This way, users can charge their electric vehicles and pay for the charging session. Moreover, controls are needed to regulate the power supply: not everybody can charge at full power all the time, or the system would fry.

So, we basically have a computer on the street, and now information security comes into the picture, as does the concern about the confidentiality of private information. Hacking a charging station may sound simple, but it is not, and manufacturers take many precautions to prevent it.

Ofer Shezaf, product manager security solutions at HP ArcSight, elaborates: “You need a subject matter expert. That limits the number of people who can do it. For one thing, encryption is a key challenge of securing charging infrastructure. But encryption is a tough subject. There just aren’t that many people who know how to break it.”

“Essentially a charging station is a computer on the street,” Shezaf said. “And it is not just a computer on the street but it is also a network on the street.” We don’t see charging stations getting hacked or, for that matter, planes falling out of the sky, but we do see virtual hacking galore. The reason, Shezaf proposes, is that physical damage frightens us, from an evolutionary standpoint.

A few tips and tricks about safety

“Set up an over-the-air update system – Car manufacturers need to be able to push new firmware to cars and they ensure this process is smooth by enabling all cars to have a mobile network free of charge.

Have strong separation between drive and non-drive systems – Manufacturers must separate infotainment systems and the critical drive systems, tightly controlling communication between them, just as commercial airliners isolate inflight Wi-Fi networks from critical avionic systems. If any gateway between them exists, it must be heavily secured. Otherwise you’re effectively saying the iPhone connector and the brakes are of the same safety concern.

Secure every individual component in your system to limit the damage from any successful breach – First off, assume that hackers can compromise any one system. In a good security architecture, access to one system doesn’t give you access to another. If you hack system A, you do not automatically get access to the entire vehicle. Manufacturers must make it extremely difficult to get access point blank. This is called the daisy chain (or kill chain), and this method was used in order to gain escalated privileges within Tesla’s systems.”

– Mahaffey and Rogers
