What about cybersecurity?
This is an item definition of an EVSE system
What challenge do we meet?
• Man-in-the-middle (MITM) attacks outside or inside the EVSE
• Manipulations of EVSE configuration and firmware updates via USB ports. Since this update mechanism is frequently insecure, arbitrary code could be inserted into the EVSE. By this
method, an attacker for example can make charging free for all or can steal customers’ card numbers to make charges at their cost
• Compromised keys used to sign updates or servers that store these keys
• For EVSEs with OTA upgrade capability for downloading software files, an attacker could make the EVSE download malicious software files
• Attackers could target the EVSE to achieve one or more of the following goals:
o Read updates: Attackers aim to learn the contents of software updates in order to reverse-engineer the EVSE firmware and/or steal intellectual property
o Deny functionality: Attackers try to stop the EVSE from functioning correctly, thus causing the EVSE to fail abnormally, either temporarily or permanently
o Control: Attackers try to modify the EVSE performance and functionality
• Physical access, such as an attacker manually tampering with the EVSE (e.g. ports)
• Firmware updates not digitally signed or encrypted
• Weak or no authentication (e.g. default credentials), authorization or encryption for firmware updates and use of insecure internet protocols
How can we prevent this? Design guidelines for HW and SW we will share some tips & trix to support you with your product development. And follow our educations online.