In the wild: Electric Car-Charging Station reveals Software Version, Firmware Version and Asset ID!

While hitting the local Walgreens for a late afternoon caffeine fix, I was intrigued by the new charging station they recently installed. I am all for clean energy; I am a fan of Tesla and the development of electric cars – so it was pretty great to see this Charging Station in my neighborhood.

Upon closer inspection, I noticed some things and I snapped a pic:

[Photo: 3_pump]

There is no reason (other than to help a hacker who wants to compromise this device) to show the Software Version, Firmware Version and Asset ID on the public-facing screen.

This info tells the bad guys whether or not their crafted malware will work on this station, what feature sets are on, and, if they’ve done their homework, what bugs are present in these versions. To me, it is just plain unacceptable to have this level of unnecessary technical data out there in plain sight for all to behold.

This Charging Station is another IoT device out there for the taking. If you want to go deeper [ insert Leo DiCaprio squinting his eyes jpeg ], the industry white-hat expert on electric car-charging station hacking, Ofer Shezaf, explains the dangers of vulnerable charging stations in his detailed .pdf.

Stay Safe!
