Update 5:39 PM ET: Electrify America has responded to Teslarati with the following statement:
“Intentionally accessing a computer system without authorization can be a serious crime and may incur civil liability as well. We continue to investigate these events and intend to protect ourselves and our customers.”
A bug in an Electrify America charger has allowed one person to gain nearly unlimited access, activating concerns of potential hacking vulnerabilities.
As electric vehicle chargers have become an ever more prevalent part of the infrastructure around us, worries about their security have mounted. Potentially the best example of this security risk has been spotted by the Kilowatts, who showed that they had gained access to an Electrify America charger with ease by utilizing a program called TeamViewer.
As seen in the video posted on Twitter this afternoon, the Kilowatts gained what looks to be unrestricted access to an Electrify America charger.
Nothing to see here… pic.twitter.com/UfLrI7Bhgl
— The Kilowatts 🚗⚡️ (@klwtts) January 29, 2023
In a second video, it is shown that, through TeamViewer, the charger’s internal computer is essentially completely open, allowing a potential hacker to move the mouse, type, and open programs on the machine.
Guilty 😅
I wonder @ElectrifyAm has a bug bounty program 🏴☠️ pic.twitter.com/1Y6tMzS8Zu— The Kilowatts 🚗⚡️ (@klwtts) January 29, 2023
We reached out to Ryan of The Kilowatts, who believes the vulnerability does open the door for more sinister people to obtain personal information. “Essentially, I could spin up a spoofed EA application that collects personal information through the touchscreen,” he told us. He said he couldn’t access the credit card reader, but others, with perhaps more hacking experience, could.
This could catalyze concerns about customer privacy and security.
This is far from the first time that Electrify America has been criticized for what some claim to be a sub-par charging experience. The company has infamously faced allegations of large numbers of its chargers being inoperable, its charger software being clunky and, in this case, insecure, or even that it has not aggressively enough expanded to offer charging throughout the United States.
Sadly, this bug discovery comes only hours after another Electrify America charger allegedly damaged a vehicle that plugged into it. That issue was found when a Rivian R1T plugged into the charger and could not move after the charger “fried” the truck, according to the vehicle owner. And this follows a string of similar occurrences with other vehicles around the country. Worryingly, Electrify America has not yet responded to this allegation either.
EV owners report issue that “fries” cars when charging at Electrify America
With electric vehicles gaining more computational power and capabilities, such as remote charging payment or even autonomous driving, cybersecurity has become exponentially more important to the auto industry. Along with changes from automakers to make their vehicles safer than ever, the “smart” infrastructure they interact with will also need to become more fortified. It is up to companies like Electrify America to institute these changes and ensure the best EV ownership experience possible.
What do you think of the article? Do you have any comments, questions, or concerns? Shoot me an email at william@teslarati.com. You can also reach me on Twitter @WilliamWritin. If you have news tips, email us at tips@teslarati.com!
