NCC Group experts uncovered critical zero-day vulnerabilities in Phoenix Contact EV chargers, showing cybersecurity risks at the 44CON conference. The hackers won $70,000 after successfully exploiting the vulnerabilities to take full control of the charger, impacting its operation and potentially exposing sensitive data. These vulnerabilities were discovered at the Pwn2Own Automotive 2024 event, revealing High and Medium severity flaws that allowed unauthorized access and password resets
By chaining low-risk vulnerabilities, the researchers achieved Remote Code Execution on the charger, gaining complete control, which could lead to widespread attacks on charging stations, including shutdowns, ransomware, data theft, and service disruptions. Although the vulnerabilities have been patched, the incident highlights the importance of prioritizing security in EV charging infrastructure as the number of charging stations increases. https://hackread.com/zero-day-flaws-ev-chargers-to-shutdowns-data-theft/