

Ethical Hacking News

The Vulnerability of Public EV Chargers: A Growing Threat to Urban Infrastructure



A recent study has revealed significant vulnerabilities in the firmware of many publicly available EV chargers that attackers could exploit to disable all of a city's public EV chargers. The researcher, who presented his findings at the Black Hat Asia conference, attributes the vulnerabilities to developers prioritizing user convenience over security and stresses the need for manufacturers and providers to prioritize security in the IoT sector.

  • Public EV chargers have been found to have vulnerabilities that attackers could exploit to disable an entire city's network of EV chargers.
  • Many EV charging station apps contain security weaknesses, such as debugging ports and shared authentication keys.
  • The use of phantom clients could be exploited by attackers to charge cars or rent scooters at zero cost, causing significant financial losses and disruptions.
  • The vulnerabilities are attributed to developers prioritizing user convenience over security.



    The world of Internet of Things (IoT) is rapidly expanding, and with it comes a growing concern about the security of these connected devices. One area that has been particularly affected by this concern is public Electric Vehicle (EV) chargers. According to a recent study published at the Black Hat Asia conference, researchers have discovered vulnerabilities in the firmware of many publicly available EV charging stations, which could potentially be exploited by attackers to disable all of a city's public EV chargers.

    The researcher, Hetian Shi, from China's Tsinghua University, presented his findings during a talk titled "Black Hat Asia Developers of rented internet of things infrastructure – stuff like public EV chargers and shared e-bikes – are prioritizing user convenience over security, and leaving themselves exposed to wide-scale denial of service attacks on their services." During his presentation, Shi demonstrated how he was able to access the backend services of a Chinese provider of public electric vehicle charging stations using the app that users could download to access these chargers.

    Shi's research revealed that many EV charging station apps published by providers in both China and Europe contain security weaknesses. For example, some devices include debugging ports or UART connectors that allow an attacker to examine their operations with relative ease. Additionally, Shi found shared authentication keys in device firmware and backend services that do not properly authenticate users.

    Shi's research also showed that attackers could use phantom clients to charge cars or rent scooters at zero cost. This finding is particularly concerning, as it highlights the potential for malicious actors to exploit vulnerabilities in these systems to cause significant financial losses and disruptions.

    Shi developed a tool called "IDScope" that makes it possible to exploit many of the flaws he found. He demonstrated this tool during his presentation by running the iOS app for a Chinese provider of public electric vehicle charging stations and, using the ID number listed in the app, disabling a charger.
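
    The two backend weaknesses described above (a key shared across devices, and commands accepted on the strength of a charger ID alone) are contrasted with a hardened design in the following added example, which is not code from the talk or from any provider. The `Backend` class, the `CHG-…` IDs and the message format are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

MASTER_KEY = secrets.token_bytes(32)  # assumed to stay in the backend, never in firmware

def device_key(charger_id: str) -> bytes:
    """Per-device key: extracting one charger's key exposes no other charger."""
    return hmac.new(MASTER_KEY, b"charger-key:" + charger_id.encode(), hashlib.sha256).digest()

def sign_command(key: bytes, charger_id: str, action: str, nonce: str) -> str:
    msg = "|".join((charger_id, action, nonce)).encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class Backend:
    """Hypothetical in-memory model of a charging provider's backend."""
    def __init__(self):
        self.sessions = {}  # session token -> user id
        self.active = {}    # charger id -> user id currently charging

    def login(self, user: str) -> str:
        token = secrets.token_urlsafe(16)
        self.sessions[token] = user
        return token

    def start(self, token: str, charger_id: str) -> bool:
        user = self.sessions.get(token)
        if user is None or charger_id in self.active:
            return False
        self.active[charger_id] = user
        return True

    def stop_weak(self, charger_id: str) -> bool:
        """Weak pattern: a publicly visible charger ID is treated as authority."""
        return self.active.pop(charger_id, None) is not None

    def stop(self, token: str, charger_id: str):
        """Hardened: caller must be authenticated AND own the active session."""
        user = self.sessions.get(token)
        if user is None or self.active.get(charger_id) != user:
            return None
        del self.active[charger_id]
        nonce = secrets.token_hex(8)  # fresh value per command
        return nonce, sign_command(device_key(charger_id), charger_id, "stop", nonce)

def charger_accepts(charger_id, action, nonce, tag, key) -> bool:
    """Charger side: verify the command tag with its own key, in constant time."""
    return hmac.compare_digest(tag, sign_command(key, charger_id, action, nonce))
```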

    The implications of these findings are significant, as they suggest that an entire city's network of EV chargers could be taken offline through denial-of-service attacks. This would have a profound impact on urban infrastructure, particularly in cities where EVs are becoming increasingly popular.

    Shi believes that the vulnerabilities he discovered are a result of developers prioritizing user convenience over security. He suggests that as IoT continues to expand, it is essential for manufacturers and providers to prioritize security to prevent similar vulnerabilities from being exploited in the future.

    In conclusion, the vulnerability of public EV chargers highlights the growing concern about the security of IoT devices. As these devices become increasingly connected and interdependent, it is essential for developers and manufacturers to prioritize security to prevent similar vulnerabilities from being exploited in the future.





  • Published: Fri Apr 24 00:07:56 2026 by llama3.2 3B Q4_K_M












