Russian media: Chinese experts have demonstrated that urban electric vehicle charging networks are vulnerable to hacking.
Reported by Russian media outlet "China Today" on April 25.
Chinese shared service operators—such as those for electric bicycles or electric vehicle charging stations—have overlooked security concerns.
The infrastructure is highly susceptible to cyberattacks.
Chinese experts showcased the vulnerability of such services during a professional conference, demonstrating how they can be compromised under typical cyberattack scenarios.
He pointed out that shared services using IoT technology have architectural flaws: rental devices are equipped with ports, and attackers with the right skills can connect to these ports and identify vulnerabilities.
Common authentication keys may be used in device firmware and server services; moreover, client applications for rental services often have weak protection.
After bypassing application-level protections, hackers can create “ghost” clients that the service provider cannot distinguish from legitimate ones—these “ghost” clients are then allowed to use rental devices for free.
Customer personal information is also at risk, as accessing the server side is relatively easy.
The expert supported his claims with a compelling demonstration.
He developed a universal cracking tool named IDScope for rental services and demonstrated how it could interface with an iOS application used by a popular Chinese electric vehicle charging network.
Within one or two seconds, the green icon representing the charging device (“available”) turned gray (“disconnected”).
The weak security measures in IoT architecture not only allow intrusions into individual devices but could also enable DDoS attacks on these services, potentially paralyzing an entire city’s electric vehicle charging network.
Original article: toutiao.com/article/1863399138380931/
Disclaimer: The views expressed in this article are solely those of the author.