Just a PSA: If you regularly charge your car at a public charging station, you may want to keep an eye out for fraudulent charges on the card you use to pay for it. Researchers found that some charging stations, especially those that require a dedicated card, "do not have basic security mechanisms in place" such as encryption.
Mathias Dalheimer, a security researcher working at Fraunhofer, presented his findings at the Chaos Computer Club conference. He had first contacted the companies in question (which are not named), some of which apparently refused to fix the problem, so he presented it publicly, and now he even appears on the official page of German R&D.
The payment systems in question give you a card with a user identification number, which is linked in their backend to a real debit card on file with the company. This would not be a problem if the identification number were not transmitted, unencrypted, every time you use a charging station.
Intercepting these numbers would be trivial for a hacker, and it seems that there is no mechanism to prevent duplicate cards from being produced and used, or to stop transactions from being usurped in some other way. Dalheimer likened it to a store accepting a photocopy of a debit card rather than the real thing.
There is no guarantee that the charging station you are using is compromised, but there is also no way of knowing for sure that it is not; you can ask the company in question whether it is affected and whether it is taking steps to protect its users. Until better standards are established, you might want to keep an eye out for unauthorized charges.