By Bruce Sussman
Fri | Feb 1, 2019 | 6:27 AM PST

If you have an electric car, there's a chance you've plugged into an "EVlink Parking" charging station.

It is a commercial charging station made for curbside, offices, hotels, supermarkets, the mall—just about anywhere drivers can pull up and plug in.

Using it may help close the ozone hole, but the product apparently has some open cybersecurity holes.

And if your company has placed some of these charging stations around town, or owns them, you'll want to know about the following.

IoT security vulnerabilities in car charging stations

Schneider Electric, which makes the vehicle charging stations, issued a security alert about its EVlink Parking product. The alert describes three vulnerabilities:

•  A hard-coded credentials vulnerability that could allow an attacker access to the device:

"The login for the web server is always admin or user and can’t be modified. We strongly recommend changing the default passwords (user and admin) by strong ones in our instruction sheet provided with our products."

•  A code injection vulnerability that could lead to privilege escalation:

"A Code Injection vulnerability exists which could enable access with maximum privileges when a remote code execution is performed."

•  An SQL Injection vulnerability:

"A person with an already existing user access can change his status to admin to the web server."

Here is the EVlink Parking vulnerability alert from Schneider Electric, including details on patches that address these risks.

Plug 'em in.
