Search for: All records

Electric Vehicle Charging Stations (EVCSs) have been shown to be susceptible to remote exploitation due to manufacturer-induced vulnerabilities, demonstrated by recent attacks on this ecosystem. What is more alarming is that compromising these high-wattage IoT systems can be leveraged to perform coordinated oscillatory load attacks against the power grid which could lead to the instability of this critical infrastructure. In this paper, we investigate a previously sidelined aspect of EVCS security. We analyze the deployment security of EVCSs and highlight operator-induced vulnerabilities rendering the ecosystem exposed to remote intrusions. We create an advanced discovery technique that leverages Web interface artifacts to dynamically discover new charging station vendors. As a result, we uncover 33,320 charging station management systems in the wild. Consequently, we study the deployment security of the charging stations and identify that 28,046 EVCSs were found to be vulnerable to eavesdropping, and around 24% of the studied EVCSs are deployed with default configurations exposing the ecosystem to a Mirai-like attack vector. Aligned with this finding, we discover that the EVCS ecosystem has been targeted by nefarious IoT malware such as Mirai and its variants. This demonstrates that further security measures should be implemented by vendors and operators to ensure the security of this vital ecosystem. Consequently, we provide a comprehensive recommendation for securing the deployment of EVCSs. 

The number of Internet-of-Things (IoT) devices actively communicating across the Internet is continually increasing, as these devices are deployed across a variety of sectors, constantly transferring private data across the Internet. Due to the extensive deployment of such devices, the continuous discovery and persistence of IoT-centric vulnerabilities in protocols, applications, hardware, and the improper management of such IoT devices has resulted in the rampant, uncontrolled spread of malware threatening consumer IoT devices. To this end, this work adopts a novel, macroscopic methodology for fingerprinting Internet-scale compromised IoT devices, revealing crucial cyber threat intelligence on the insecurity of consumer IoT devices. By developing data-driven techniques rooted in machine learning methods and analyzing 3.6 TB of network traffic data, we discover 855,916 compromised IP addresses, with 310,164 fingerprinted as IoT. Further analysis reveals China and Brazil to be hosting the most significant population of compromised IoT devices (100,000 and 55,000, respectively). Additionally, we provide a longitudinal analysis on data from one year ago against this work, revealing the evolving trends of IoT exploitation, such as the increased number of vendors targeted by malware, rising from 50 to 131. Moreover, countries such as China (420% increased infected IoT count) and Indonesia (177% increased infected IoT count) have seen notably high increases in infection rates. Last, we compare our geographic results against Global Cybersecurity Index (GCI) ratings, verifying that countries with high GCI ratings, such as the Netherlands and Germany, had relatively low infection rates. However, upon further inspection, we find that the GCI rate does not accurately represent the consumer IoT market, with countries such as China and Russia being rated with “high” CGI scores, yet hosting a large population of infected consumer IoT devices.