Electric car drivers could find themselves unable to charge their vehicles, if attackers exploit recently discovered flaws in Schneider Electric’s EVlink Parking charging stations, found in offices, hotels, and supermarkets across several countries. Featured stories Best of CES 2019: Cool tech you can buy this year Game of Clouds: Lock-In is Coming Samsung’s Galaxy S10 unveiling is February 20 and all it has to do is save the smartphone industry How to build a temporary green screen YouTube studio Security experts Vladimir Kononovich and Vyacheslav Moskvin at Positive Technologies are now offering details of the three vulnerabilities they found that led to the energy-management company issuing a security notification on December 20. Schneider Electric is urging its customers to install new firmware on the charging stations, if the current one is version 3.2.0-12_v1 or earlier. It also said users could “set up a firewall to block remote/external access except by authorized users” to reduce the risk of an attack. Of the three vulnerabilities, one is critical, one high risk, and the third is rated medium. The critical vulnerability, CVE-2018-7800, is tied to a hard-coded credential bug that could enable attackers to gain access to the charging station with maximum privileges. The hacker could access the station’s web interface and send commands to control the charging process. It could, for instance, stop a car from charging, but it could also switch on the reservation mode of the charging station, rendering it inaccessible to customers. In addition, the researchers say a malicious actor… [Read full story]
ZDNet is a business technology news website published by CBS Interactive, along with TechRepublic. The brand was founded on April 1, 1991, as a general interest technology portal from Ziff Davis and evolved into an enterprise IT-focused online publication owned by CNET Networks.