The EV Charging Security Dilemma
On the requirements of EV Charging Security Infrastructure and why relying solely on the individual Electric Vehicle Supply Equipment (EVSE) vendors or Charge Point Operators (CPOs) is not enough…
SaiFlow and Check Point Software Technologies Partner to Secure EV Charging Sites and Distributed Energy Networks
The rapid adoption of Electric Vehicles (EVs) has spurred the growth of EV Charging Stations
eMSP and CPOs Could Expose EV Chargers to OCPP Hijacking
The SaiFlow research team discovered how an adversary can abuse leaked charging stations’ identifiers to perform a wide-scale DoS attack on the public charging infrastructure.
External
Smart Grid Telemetry, Data Key to Securing Distributed Energy Networks
Energy data has a key role in securing and protecting our energy future. As the global shift to decentralized energy networks keeps growing, together with the rising adoption rates of electric vehicles (EVs), cyber adversaries are finding an expanding array of opportunities to attack and exploit the dynamic energy sector.
NIST Cybersecurity Framework for EV Extreme Fast Charging Infrastructure
The Electric Vehicle and Extreme Fast Charging (EV/XFC) networks and infrastructure. The newly officialized framework combines industry standards and best practices for securing the evolving EV charging sites and networks.
ABB Terra AC Improper Authentication Can Lead To EVSE Takeover (CVE 2023-0863 & CVE 2023-0864)
The SaiFlow research team has discovered two vulnerabilities in high severity allowing remote and unauthorized users, within the range of BLE to takeover the EV charger.
The Impact of API Vulnerabilities on CSMS Services & Charging Network Operators – The Use Case of ABB ChargerSync
SaiFlow research team discovered multiple critical vulnerabilities in ChargerSync CSMS allowing adversaries to access customers’ personal information and disrupt charging operations.
May 2023 Security Advisory for ABB Terra AC Charging Station
On May 17, 2023, ABB published an advisory for CVE-2023-0863 & CVE-2023-0864, an Authentication Bypass and Plaintext Communication vulnerabilities…
Free Vending Mode Security Best Practices
Threat actors could abuse Free Vend functionality to perform energy theft by abusing the CSMS of public and private EV fleet charging sites.