Electrical vehicle owners generally use a charging card to pay for the electricity they have used for recharging their electric vehicles. These charging cards use an ID number stored on the card which is linked to the user’s bank account for payment. Mathias Dalheimer, at ITMW found that it is easily possible to debit the charging costs to the insecure cards of other users by cloning the charging card.
“It is pretty easy to clone a charging card," he said. "There are insufficient safeguards for communication between charging stations and the billing back-end. Card numbers are transmitted directly to operators – often without any encryption at all. Simple equipment can be sued to intercept these transmissions and obtain customers’ card numbers.”
It would be difficult to prove unauthorised use, particularly as the charges are often billed weeks after the costs are incurred.
Dalheimer is a member of the Chaos Computer Club (CCC) and he presented the security issue at the club’s annual conference, which led to several operators taking steps to secure their systems. He is looking to set up a consortium of experts that will systematically tackle these types of events.