Finding vulnerabilities: EV charger security research
The ETAS Penetration Testing team across their security testing labs in the United States, Germany, France, and South Korea have teamed up to perform world-class security research and identify vulnerabilities across a plethora of embedded, IoT, and Enterprise systems to help secure critical systems world-wide.
Security research is fundamentally important to both open-source and closed-source software communities for different reasons. At its core, it drives ongoing improvement of software safety, protecting users, organizations, economies, and critical infrastructure worldwide from evolving cyber threats. Acting much like an immune system for the software ecosystem, security research strengthens our collective digital defenses whether code is open or proprietary, fostering trust through resilience.
EV charger research: selection of the targets
The ETAS security researchers took great care when selecting targets for this test. The goal was to contribute novel findings to the community.
Level 1 EV charger:
These chargers have less power output on average, and thus effect the charging speed. These chargers are typically used ad hoc (not permanently installed) and sometimes have wireless connection capabilities. These devices are also more portable than other chargers.
Level 2 EV charger:
These chargers have higher power output, usually run at 240v. This significantly increases the charging rate. These chargers are often permanently installed for home use, and most models on the market have wireless connectivity as well as built in mobile applicaiton support.
Commercial charger:
These chargers are typically used in commercial fleet settings, or at established businesses. They can often charge more than one vehicle at a time, and have backend connectivity that allow them to manage charging via connection to fleet management software or similar.
The challenge: EV charging research is ongoing
The ETAS Penetration Testing team, spanning labs in the U.S., Germany, France, and South Korea, is conducting world-class security research on EV chargers and V2X systems. With vulnerabilities suspected across brands and technologies, the challenge is to uncover and address weaknesses in embedded, IoT, and enterprise systems to help secure critical infrastructure worldwide. Through responsible disclosures to vendors, ETAS hopes to contribute to overall security and safety of the connected vehicle and IoT ecosystems.
The solution
Due to the sensitive nature of Zero-day findings related to security research, the names and details of the vulnerabilities found by the ETAS security researchers are not publicly available at this time. As responsible disclosures are made to vendors, and vulnerabilities are patched, concrete and detailed white papers of these research projects will be published here. Check back in for updates soon!
“As EV adoption accelerates, ensuring the security of charging systems is critical. Our research aims to uncover hidden vulnerabilities before attackers can exploit them, helping to safeguard not only vehicles but also the broader infrastructure and user trust.”
Contact us
Do you have any questions? Feel free to send us a message. We will be more than happy to help.
Contact us today!