The EV Charger Hack That Can Burn Down Your House Just Got More Terrifying

LAS VEGAS—If you’re the proud owner of an electric vehicle, you likely invested in a home charger. However, since modern cars are well-defended against hacking, criminals have turned to hacking the chargers, and in some cases, with frightening, fiery results.

At last year’s Black Hat, we learned that hackers could meddle with your charging schedule, choke down the charging speed, or tweak the billing. None of that would be fun, but it doesn’t compare to this year’s conference, where researchers from Trend Micro showcased how they could physically damage your charger, right up to burning your house down.

Jonathan Andersson, security research manager at Trend Micro, started with a shoutout to Pwn2Own automotive, a hacking contest sponsored by Trend Micro’s Zero Day Initiative devoted to demonstrating security vulnerabilities in cars and related tech. After reviewing past winners, he noted that the bugs they found were all very simple.

“When you take these devices apart, they typically have a main CPU that runs the GUI,” Andersson said. “Sometimes there’s a second processor for power switching and measurement. There are also a lot of devices and peripherals that contribute to quite a large attack surface.”

In short, EV chargers aren’t currently designed with security in mind.

With Great Power Comes Great Overheating

Thanos Kaliyanakis, also a Trend Micro researcher, said his team first performed baseline testing on out-of-the-box unmodified EV chargers. Some of these correctly resisted the hack while others were vulnerable. The team found they could make a small physical modification to the resistant chargers, which put them in the vulnerable category.

“To achieve the task, we needed a way to load the EV chargers with maximum power and pull as much current as possible,” said Kaliyanakis. “We used a bank of heaters to draw various amounts of current during testing.”

If you have one of the vulnerable EV chargers, a hacker across the world could reach in and set it on fire. The same is true for a theoretically safe charger that’s defective or that has been modified.

Get Our Best Stories!

Stay Safe With the Latest Security News and Updates

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

Sign up for our SecurityWatch newsletter for our most important privacy and security stories delivered right to your inbox.

By clicking Sign Me Up, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.

Thanks for signing up!

Your subscription has been confirmed. Keep an eye on your inbox!

The results, as demonstrated in a clip reel of all the tests, were nothing short of alarming. In every case, the cables overheated. Some spewed flames, including bits of molten copper. Some released flammable gases into the air, which then ignited. One melted the cord holder off the wall.

“Any cable that didn’t fail violently still failed by melting,” said Andersson. “If the melting cable shorts power through the signal channels, your EV could be damaged.” He noted that overheating the devices to failure took anywhere from an hour to 5.5 hours.

How to Protect Your EV Right Now

Andersson pointed out that you can’t expect a circuit breaker to save your EV charger in this scenario—not unless you purchase a high-end ETU (electronic trip unit) LSI (long-time short-time instantaneous) breaker unit, which costs much more than the typical circuit breaker.

“Don’t mount the cable under the charger, or under anything flammable,” he advised. “Don’t keep the cable coiled while charging. The manufacturer may recommend wrapping the cord around the charger—don’t do that. A shorter cable is safer.”

Andersson encouraged EV charger vendors to “own this problem and fix it.” He noted that new but poor-quality chargers with the same bugs appear for sale every day.

Andersson showed a simple circuit diagram for a modified charger that would be immune to the overheating problem reported here and urged EV manufacturers to embrace it. “Charger manufacturers need to create software-independent, hardware-only safety mechanisms,” he said. “Without this, the risks of fire exist as presented.”

Your trusty charger in your garage may well be one of the safe models. If not, hackers could literally make it explode in a ball of fire. Let’s hope the manufacturers take the warning to heart and create chargers with physical safety mechanisms that aren’t exposed to hacking. Meanwhile, it’s still not a bad idea to get a shorter cable.

About Neil J. Rubenking

Principal Writer, Security

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my “User to User” and “Ask Neil” columns, which began in 1990 and ran for almost 20 years. Along the way I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s I turned my focus to security and the growing antivirus industry. After years working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

Read Neil J.’s full bio

Read the latest from Neil J. Rubenking