From bec2451e4f92ffe60c2371145d408e6ca229cd62 Mon Sep 17 00:00:00 2001 From: 46halbe <46halbe@berlin.ccc.de> Date: Wed, 27 Dec 2017 07:19:45 +0000 Subject: committing page revision 1 --- updates/2017/e-motor.en.md | 88 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 88 insertions(+) create mode 100644 updates/2017/e-motor.en.md (limited to 'updates/2017') diff --git a/updates/2017/e-motor.en.md b/updates/2017/e-motor.en.md new file mode 100644 index 00000000..3b0aff81 --- /dev/null +++ b/updates/2017/e-motor.en.md @@ -0,0 +1,88 @@ +title: Chaos Computer Club hacks e-motor charging stations +date: 2017-12-27 00:43:00 +updated: 2017-12-27 07:19:45 +author: 46halbe +tags: update, pressemitteilung +previewimage: /images/NFC-Karten-Analysewerkzeuge9.jpg + +Currently, the infrastructure for charging electronic vehicles is rolled out in Germany – once again without paying much attention to IT security. The convenient charging cards are currently so insecure that it is not advisable to use them. It is trivially possible to charge your car while having someone else unknowingly being forced to pay. Nearly all charging cards are affected by this vulnerability. Charging network providers that issue these cards have refused to fix the security problems, despite being given several months pre-warning. The details of the vulnerabilities will be presented in detail today at the 34th Chaos Communication Congress at 12:45 in Leipzig. + + + +Electric cars are recharged at an electric vehicle charging station +instead of a gas pump. The stations usually offer a three-phase current +connector, through which the necessary charging performance is achieved. +In public spaces charging operations are sometimes deducted from +charging cards by the operators. A number is stored on these charging +cards, which the charging station uses to identify the customer. +Unfortunately, this number is completely public and can be copied as +often as desired. Therefore, it is possible to easily clone a charging +card. + +„The operators have not implemented basic security mechanisms“, said CCC +member Mathias Dalheimer who will explain the details of the hack today +at 34C3. „This is as if I would pay with a photo copy of my debit card +at the discounter − and the cashier accepts it.“ + +The communication between charging stations and the billing back-end is +not protected as well. The card number is transmitted without encryption +directly to the provider. Little technical effort is necessary to +intercept this communication to harvest customer card numbers. With +these numbers it is possible to either forge charging cards or – even +more simple – simulate charging events. Using this method a provider of +charging stations can easily inflate its revenue. + +The charging stations themselves are also insecure. Most stations allow +manipulations of their configuration and firmware updates via USB stick. +Since this update mechanism is frequently insecure – like with KEBA +models – arbitrary code can be inserted into the charging station. By +this method an attacker for example can make charging free for all or +can harvest customers' card numbers to make charges at their cost. + +Customers will have a hard time to proof these types of misuse. +Especially when roaming, when their charging card is accepted at the +station of a different provider, the settlement of fees happens much +later. Weeks can pass before the misuse of their charge card number is +noticed. The providers of the charging networks have acknowledged the +problems but see no reason to take action. „New Motion“, for example, +said that they do not know of misuse cases and that their customers +should please take a look at their billing statement. \[0\] A change to +a more suitable method of payment is not planned, so customers currently +are forced to live with this inacceptable situation. + +We demand: + +- The security of the charging stations has to be raised to the state + of the art. +- Charging station operators must offer secure payment methods to + their customers. +- The payment data has not only to be protected within one charging + cycle, but also when roaming between different charging operators as + well. + +  + +**Links**: + +\[0\] [Statement of „New +Motion“](https://www.goingelectric.de/forum/oeffentliche-ladeinfrastruktur/ladekarten-sind-unsicher-wie-man-auf-fremde-rechnung-laedt-t27590-50.html#p628169) +(German) + +\[1\] More technical details and +videos:  (German) + +\[2\] Electric car +simulator: [https://evsim.gonium.net](https://evsim.gonium.net/) + +\[3\] Videos on Youtube: + + + + + + + + + +\[4\] Live-Streaming: [Information on streams and +videos](https://events.ccc.de/congress/2017/wiki/index.php/Static:Streams) -- cgit v1.2.3