
Wilco van Beijnum and Harm van den Brink found 17 vulnerabilities in Iocharger EV chargers. 16 fixed, 1 unfixed.

09 Jan 2025 - DIVD

External researcher Wilco van Beijnum, together with DIVD researcher Harm van den Brink, has found a total of 17 vulnerabilities applicable to at least all Iocharger AC EV chargers. The vulnerabilities were found in the Iocharger Home and the Iocharger Pedestal models, but the firmware is used in all Iocharger AC models, including those sold as white label solutions under other brands.

Updated firmware is available that fixes 16 of the 17 vulnerabilities. Iocharger does not have a customer-facing website where firmware, release notes or security bulletins can be found. Instead, it has notified its distributor(s) of the need to update the firmware. Customers who have an Iocharger device, but whose installation is not or cannot be updated by a distributor or other service organisation, can contact sales@iocharger.com directly for updated firmware.

As a general principle we recommend that owners of Iocharger chargers make sure their devices are not accessible from untrusted networks (e.g. the public internet or a guest network).

This discovery fits into DIVD’s ongoing research into vulnerabilities that affect the smart grid, which is becoming more and more distributed in nature. In households that have electric vehicles (EVs), these vehicles are, most of the time, the biggest consumers of electricity in the house. The ability to control large numbers of EV chargers may ultimately lead to a situation where, by stopping and starting EV chargers in large numbers, a malicious actor may be able to affect the stability of the electricity grid.

More information in our casefile.


Last modified: 09 Jan 2025 09:29 CET