back to article 'Leccy-stealing, grid-crippling hackers could take down EV-juicing systems

Hackers may soon starting abusing electric car charger systems to cripple the electricity grid or as part of money-making scams, a security researcher warns. Ofer Shezaf, product manager security solutions at HP ArcSight, told delegates at the Hack in the Box conference in Amsterdam that if the industry fails to start securing …


This topic is closed for new posts.
  1. Oor Nonny-Muss

    I did wonder what was stopping me pulling up at the free EV juice point (in say a supermarket car park) with a van load of car batteries (connected via suitable circuitry and a compatible plug of course) to charge to supply my off-grid lifestyle... seems the answer is "nothing". Yay.

    1. NomNomNom

      nothing is stopping you I guess. same with disabled spaces. as long as you limp no-one says anything.

    2. Suricou Raven

      There is a billing and metering system, so you'd have to hack it.

      You could do that by the high-tech method, but in this case I'd look at the low-tech way first: Get a triangle key, pop the cover. Somewhere in there will be a high-current relay. Just jab a wrench in between the big terminals. Hello, power!

      Well, it might be a bit more complicated than that, really... but probably not much. It's basically just a big power supply, and you can't encrypt electricity. Find it, tap it, steal it.

  2. Mage Silver badge


    No-one can afford to build the Grid to supply "mainstream" 'leccy" cars.

    1. Don Jefe

      Re: Mainstream

      That's what people told Henry Ford too: "Nobody is going to buy your cars. There's nowhere to buy fuel but you can feed a horse anywhere". We all know how that ended...

      Besides, the grid is already in place. Building the interface to that grid is the challenge.

      1. NomNomNom

        Re: Mainstream

        reminds me that people used to say you can lead a horse to water but you cant make it think. But in the end someone managed to find a way to make horses think.

      2. Naughtyhorse

        Re: Mainstream

        well there is a little bit more to it than that.

        seeing as we have so cleverly been sweating the assets of our pre-privatised rolls royce engineered grid for the last 30 years, it's pretty much on it's last legs now. with many systems running over 130% of their ratings for part of the day.

        Add to it 20 million people wanting to charge their noddy cars too, brings pictures of camels and straws to mind.

        I'm sure it will work....eventually, but it will be a struggle.

        And as for hacking leccy in general--- rly? you are aware that the countryside is teeming with unguarded 11kV/LV transformers with open terminals as we speak, and the only times I ever hear of someone nicking the stuff, is when they fuck up and, briefly, become part of the network.

        meter fraud in general is more widespread and AFAIK no one gets away with it for that long (then again, if they did, I suppose I wouldn't know about it!)

        1. Alan Brown Silver badge

          Re: Mainstream

          "And as for hacking leccy in general--- rly? you are aware that the countryside is teeming with unguarded 11kV/LV transformers with open terminals as we speak, and the only times I ever hear of someone nicking the stuff, is when they fuck up and, briefly, become part of the network"

          That's when they're stealing the copper.

          Stealing electricity goes on all over the place. It's fairly trivial to bypass the meter and the kit to make it look innoculous enough to not arouse suspicion is readily available too. The whole system relies on honesty because people are (for the most part) honest.

          What usually gives the game away is heat emissions - most cases of rampant power theft are for grow-houses, but meter readings falling to nearzero per month is a good indicator something's up.

          I'm aware of one guy who got nicked after 10 years of bypassing the meters to power his tropical aquarium setup - that only got rumbled because the local substation distribution fuse kept blowing and the powerco started tracking juice flows along the street vs what the meters said.

      3. Alan Brown Silver badge

        Re: Mainstream

        Even up to the late 1920s it wasn't uncommon to see people hauling masses of 2 gallon fuel cans around in their model Ts, as that was the only way to obtain the fuel in a lot of areas.

        Compared to that, Electricity is already 90% of the way there.

    2. Aitor 1 Silver badge

      Re: Mainstream

      Most people will charge their cars at night, and if it is cheaper.. then that is they way it will be done. And yes, you can power that.

      Still, I don't think we will ever see hundreds of live electric cables on the street...

      1. Naughtyhorse

        Re: Mainstream

        trouble with that is..

        a) Economy 7 comes with the sting in the tail of a higher tariff during the day, or higher standing charge.

        b) If millions of people suddenly sign up for it then the business case for E7 goes away. (not least because they have you by the balls and you HAVE to recharge overnight)

  3. Anonymous Coward
    Anonymous Coward


  4. BornToWin

    This is why...

    ...Blighty and other countires need to get serious about cybercrime and proper punishment as a disincentive.

    1. Paul Crawford Silver badge

      Re: This is why...

      Yes, because hanging folk for stealing sheep was so successful that ultimately we could store £250k+ in a shoe box under our beds and not have to consider higher security methods...

    2. Anonymous Coward
      Anonymous Coward

      Re: "proper punishment as a disincentive."

      before you go all daily mail on us ... consider this -

      "If cooperation is likely punish mildly: Insights from economic experiments based on the snowdrift game. "

      Jiang, Perc, & Szolki

  5. M7S

    Oh FFS

    I must admit I thought I'd probably charge my future electric transport (or whatever) by opening the flap and just plugging in, a bit like I do when charging my smartphone at home, an equally complex device but not vulnerable (afaik) to hacking via my dumb toaster. I now realise that's a bit simplistic and there is a cost to the end user and it is necessary to prevent abuse.

    Given that I recall somewhere being told that these electric vehicle are so cheap to run that it's only a £ or two to charge up, would it really be such a drama to go back to coin operated meters where a £ gets you all the juice you can take whilst connected, or say 8 hours worth before it cuts off? I know there are cash collection/handling costs but the increased IT/security cost, potential vulnerability and potential consequent losses related to a complex electronic system just to run some plugs seems increasingly to not be worth it and is complexity for it's own sake.

    1. Suricou Raven

      Re: Oh FFS

      The complexity of car charging isn't just about the billing. It's only mostly about the billing. There's also a matter of compatibility: Some charger physical connectors can carry different types of power, and needs communication between car and charger to establish what voltage the car wants and how much power the car can safely draw without blowing the fuse.

      "I'm a car. Feed me. I can take 110AC, 220AC or 500V DC, maximum 100A. "

      "You must be joking. Idiot's got me plugged into some pathetic little American socket - I can give you 110V at 10A, or 220V at 5A, and I only do AC."

      "Give me the 220, and tell the owner we'll be done this time next week."

      1. Naughtyhorse

        Re: Oh FFS

        Some charger physical connectors can carry different types of power...

        (leaving aside ohms law - which is your real answer)

        you mean like diesel and petrol, and how do we solve that one?

      2. jake Silver badge

        Re: Oh FFS

        "pathetic little American socket"

        I have a double handful of 50A, 240V wall sockets (NEMA 14–50). And none of your pathetic "ring mains", either ... they are all on dedicated breaker-pairs. I have the parts and service capacity to run several more to any location on the property, as well. I also have a few more esoteric, higher capacity systems to run the aging computers, print shop and Bridgeport.

        1. John Smith 19 Gold badge

          Re: Oh FFS

          "I have a double handful of 50A, 240V wall sockets (NEMA 14–50). And none of your pathetic "ring mains", either ... they are all on dedicated breaker-pairs."

          Wot, no baby nuke in the basement?

          1. jake Silver badge

            Re: Oh FFS

            "Wot, no baby nuke in the basement?"

            Nope. PG&E provides the gas & electricity.

            In the event of power failure, I have the capability to run almost everything as normal (sans old computers, alas) using town gas powered generators. When (not if!) the Rogers Creek Fault[1] lets loose with a 6.7+, we can convert all the generators to LPG in under an hour, giving us about four weeks of continuous electricity with the LPG stored on-site. If we baby it, I think we can go close to five months. Not looking forward to testing this theory.

            We also have four small, portable Generac 7,500 W units in both gas (petrol) and diesel.

            [1] Easy walk from where I type. The Wife & I often picnic across it. Standing joke is that "if the Earth Moves, we'll do it again before going back to pick up the pieces" :-)

            1. Anonymous Coward
              Anonymous Coward

              Re: Oh FFS

              Is town gas still in use? I thought that was phased out years ago

              1. jake Silver badge

                @AC 07:33 (was: Re: Oh FFS)

                Local idiom for so-called "Natural Gas". Meaning is that it's supplied by the town. In use in Nevada, California, and Yorkshire that I'm aware of, and probably many other places.

                1. John Smith 19 Gold badge

                  Re: @AC 07:33 (was: Oh FFS)

                  "Local idiom for so-called "Natural Gas". Meaning is that it's supplied by the town. In use in Nevada, California, and Yorkshire that I'm aware of, and probably many other places."

                  It sounds like you've got a fair bit of LNG storage on site fed by a gas line.

                  Now I can understand putting the tanks on quake proof mountings but are you not a tad concerned in case any quake would rupture the line?

                  For those looking at complete independence from the grid I would think you you would be looking at "biogas" AKA anerobic digestion, using any kind of feces (and a few other waste streams IIRC) to generate Methane and/or electricity.

  6. xyz

    Well considering..

    ...that everyone is going to have a smart meter at home (with gov kill switch and a high per unit price tag) and a dumb meter in the street (cheap as chips and 24hr), mine's the van with the deep cell batteries in the back and a slightly open living room window to let the cable in.

  7. JeffyPooh Silver badge

    It's not even that...

    If the e-cars are sitting there all neatly plugged in, what's to stop someone from wandering down the row at about 9:15am unplugging all the cars - so that when the e-commuters return from a hard day at work, they find that the range is (to quote James May) "2".

    Or if the price of copper is high that week, wandering off with all the cables?

    They've not even begun to think this through.

    1. Anonymous Coward
      Anonymous Coward

      Re: It's not even that...

      > what's to stop someone from wandering down the row at about 9:15am unplugging all the cars

      The plugs usually have a locking device.

      You're not the first one to think of that.

      1. Remy Redert

        Re: It's not even that...

        Given the usual level of security in wireless and physical locks, I don't see that being much of a deterrent. Now maybe if you can get the car to message the user when/if it's unplugged (and when it's at specific charge levels, while we're at it) that kind of trick would be much less of a problem.

        1. GettinSadda

          Re: It's not even that...

          Yes, they connectors lock when plugged in, and yes most EVs will send a message to the driver's phone if it stops charging. Also... most modern EVs have external video cameras - they aren't currently set to do anything while charging, but a simple software update could get them to record if there is an unexpected unplugging.

      2. Alan Brown Silver badge

        Re: It's not even that...

        You think a locking device is going to stop Herbert T Drunkard? If it doesn't unplug he'll keep damging it until it does.

      3. JeffyPooh Silver badge

        Re: It's not even that...

        "The plugs usually have a locking device."

        I've not met one socially, but the ones I've seen on the telly were simply normal plugs that could connect to a normal (high current) socket. No locking device shown on the grid end of the cable. If you're referring to the bespoke e-car connectors - I'll hope that you're correct.

        I'm certainly not the first to think of this. It was the subject on "The Neeews" on Top Gear where James and Jeremy suggested this exact prank (as I mentioned). Same two that tried to visit the sea using recent model e-cars and ended up learning a great deal of Medeval history along the way. Obviously their recent experience didn't rule out the prank. So your reassuring reassurance rings just a bit hollow.

  8. jake Silver badge

    Brings up images of ...

    ... us dumpster-diving in the old CO on Fabian Ave. in Palo Alto, trying to dig up the secrets of SS7, and then hitting the bank of pay phones at Mayfield Mall. Phone Freaking[1] was a fun passtime for idle hands, until they made it illegal. Then I started actually making money with what I knew, at age about 15 (early 1970s). Yes, I was a technogeek as a teenager, do you skiddies think you invented it? :-)

    [1] This was before the word "Phreak" was invented.

  9. GettinSadda

    Oh dear!

    I know quite a bit about the internals of EV chargers... and they are probably one of the most pointless devices to attempt to hack. About the worst you could manage is causing drivers to resort to slower 13A charging until a widespread network outage is cleared. If you expend loads of time and effort. And are very bored. I have never seen any charger systems that talk to each other either - they don't mutually balance their loads.

    You could not use them to "take down the grid" any more than you could use street-lights to take down the grid. EV chargers are basically a fancy socket with the on/off switch controlled by a small computer. If someone wants to damage the grid they just need to damage a substation - quick, easy and hundreds of times more effective (with a risk of blowing yourself up - but hey go have fun!!)

    You think they are a convenient place to steal electricity? Really? So you are going to break into a locked device, hack the internal computer (that you have spent ages studying) and then get perhaps 32A out of the connector (to do what with I'm not sure!). Look at all those houses sown the road there - see all those little white plastic doors on the front? Behind each one is a meter and connectors that can supply you 100A with no hacking required... why not use one of them!

  10. markxr

    Street lights

    There are thousands of items already in the street called "Street lights", each of which is wired to the mains. Why don't we see a crime spree of loads of people leeching leccy from them?

    Most are protected only with a cover which can be removed with relatively standard tools, or pried open with a small wrench. Don't these suffer from a crime wave?

    Well, maybe a few get opened occasionally, but nobody really steals much juice from them. Granted, they won't have as much current as an EV charger, but they're much more numerous and less well protected. I'd guess there's not really much of a problem, given that EV chargers are likely to be in places with more passing foot-traffic and cctv too.

  11. Sameer


    Seriously guys? How hard is it to hack an outlet?!? Just plug something into it. An EV charger is nothing short of a glorified outlet, some with some protection to help manage peak load on the electric grid. Every other outlet out there has ZERO PROTECTION TO MANAGE PEAK LOAD and the grid has been handling that find for over 100 years.

    If some truly pathetic hacker wants to make the EV charging outlets, just as vulnerable as the trillions of other unprotected outlets out there, I say pat them on the back for a job well done for your average two year old. Maybe younger ... how old and experienced do you have to be to figure out how to plug something into the wall?


This topic is closed for new posts.

Biting the hand that feeds IT © 1998–2019