If you own an electric car and use a public charge station (even occasionally), it’s important that you keep an eye out for fraudulent charges on your debit/credit card you use to pay for it. Researchers have found that some charge stations, mainly those that require a dedicated card, “have not implemented basic security mechanisms” like encryption.
Mathias Dalheimer, a security researcher who works at Fraunhofer, first presented his findings at the Chaos Computer Club conference. He first contacted the companies in question (which are not named), some of which apparently have refused to fix the issue — so he has put it forward publicly, and now it’s even on the German R&D firm’s official page.
The charge systems in question give you a card with a user ID number on it, which is connected in their backend to an actual debit card on file at the company. That wouldn’t be a problem if this ID number was transmitted, encrypted, every time you use a charge station, but its not.
Intercepting these numbers would be trivial for a hacker, and there appears to be no mechanism for preventing duplicates of that card from being made and used, or for transactions to be otherwise duplicated. Dalheimer compared it to a store accepting a photocopy of a debit card rather than the real thing.
There’s no guarantee that the charge station you use is not legit, but there’s also no way to know for sure that it isn’t. You may be able to ask the company in question if they’re affected and if they are taking measures to protect users. Until better standards are set, you might want to keep an eye out for unauthorized charges.
more recommended stories
Taxfix Closes $13 Million in Series A Funding
Taxfix, the Berlin-based startup that.
Another attainment for French carpooling platform, BlaBlaCar
Another attainment for French carpooling.
Turn your old Kindle into a clock with this cool hack
If you have a Kindle.
MessageBird Unveils Product which allows Businesses to Communicate with Customers
MessageBird, the cloud communications platform.