While hitting the local Walgreens for a late afternoon caffeine fix, I was intrigued by the new charging station they recently installed. I am all for clean energy; I am a fan of Tesla and the development of electric cars, so it was pretty great to see this Charging Station in my neighborhood.
Upon closer inspection, I noticed some things and I snapped a pic:
There is no reason (other than to help a hacker who wants to compromise this device) to show the Software Version, Firmware Version and Asset ID on the public-facing screen.
This info tells the bad guys whether or not their crafted malware will work on this station; it tells them what feature sets are on; and, if they’ve done their homework, what bugs are present in these versions. To me, it is just plain unacceptable to have this level of unnecessary technical data out there in plain sight for all to behold.
This Charging Station is another IoT device out there for the taking. If you want to go deeper, [ insert Leo DiCaprio squinting his eyes jpeg ], the industry White-Hat expert on Electric Car-Charging Station hacking, Ofer Shezaf, explains the dangers of vulnerable charging stations in his detailed .pdf.