Darren Meyer :donor:2 of 8 chargers tested didn't have any software-level over-current protection (including the OpenEVSE firmware) – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:Software safety can just be broken too -- found an uncompromised charger reporting 46A but was actually passing 80A! – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:Able to destroy a charge cable via an arc flash on multiple brands of wall charger, which creates smoke, fumes, and fire. Software vulnerability leading to absurdly dangerous situations. – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:cables were heated to over 177°C before failure, which is dangerous on its own (severe burns and worse). – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:"Reminding everyone that 'fire goes up'": don't mount your cable holder below anything flammable. Also don't leave it coiled while the vehicle is charging, especially not tightly coiled – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:Defenses are mostly expensive, but removing the charger unit from all networks, disabling radios, and physically securing against walk-up attacks are often easy and effective.. But device manufacturers should have hardware-based protections, not relying only on software-based. Could be as simple as a fuse – Anderson & Kaliyanackis #BHUSA #LivePost
Darren Meyer :donor:There are outcomes that involve "theft" of power/charging service, but obviously the biggest problem is the safety risk an attacker could introduce (either accidentally or deliberately) – Anderson & Kaliyanackis #BHUSA #LivePost