Security flaws with Wallbox and Project EV

[AdeB]

Home car charger owners urged to install updates

 

[RichardC]

This is the research that the article is based on.

Smart car chargers. Plug-n-play for hackers? | Pen Test Partners

Over the last 18 months, we’ve been investigating the security of smart electric vehicle chargers. These allow the owner to remotely monitor and manage the charge state, speed and timing of their car charger, among many functions. We bought 6 different brands of chargers and also reviewed...

www.pentestpartners.com

 

[weedavemac]

I have just been quoted to get a wallbox unit put in. This is giving pause for thought

 

[pjmuk]

I have a Wallbox Pulsar Plus, and would recommend it. The article doesn't say which model/version of Wallbox had the issue, but does say Wallbox fixed it within 2 days. Other comments re the circuit board would require taking the unit apart, which makes no sense, as a hammer could open any plastic charger! Whether anyone would want to take apart a 240v 32Amp unit whilst live is somewhat debatable!!

 

[AdamMGEV]

Wallbox doesn't allow any security concerns to your home network or anything. And would anyone ever really go to the trouble of unlocking it to charge their own car? Or disabling it for you to use? I doubt it unless there's something in it for them.

 

[Jaygee]

I have a Wallbox Pulsar Plus, and would recommend it. The article doesn't say which model/version of Wallbox had the issue, but does say Wallbox fixed it within 2 days. Other comments re the circuit board would require taking the unit apart, which makes no sense, as a hammer could open any plastic charger! Whether anyone would want to take apart a 240v 32Amp unit whilst live is somewhat debatable!!

It is the raspberry pi board which is the source of the vulnerability. You would really need to know what you are doing and it won’t be a quick hack, it would, I think, require some time to do. Unless your box is hidden out of sight, being caught is just not worth the minimal gains for the common criminal. if you are that savvy and intent a breaking into home networks, I am sure there are other ‘easier’ ways.

i had a wallbox pulsar installed under the olev grant a week before this article was published. I contacted wallbox asking them if they would retro upgrade my brand new box to the more secure chipset as thye were already aware of the vulnerability but yet continued to manufacture and supply the chargers. Till date they have not replied to my email and I doubt that they ever will. Shortly after I contacted them for tech support but they did not reply to that either. I would therefore say that whilst the charge boxes on the whole might be good ( I would not buy one now )
their customer service is absolutely rubbish.

 

[BillyWhizz]

lets get this in to perspective what is the chance of this causing a problem very small to till

 

[Jaygee]

lets get this in to perspective what is the chance of this causing a problem very small to till

That’s true it is unlikely to be a big problem as I mentioned but it is the principle of the thing. Selling something that is flawed being fully aware about it. That imho is unacceptable. Others might be fine with this. I am not.