Blog

Vulnerabilities in Connected EV Chargers Could Damage Home Networks?

Yesterday cybersecurity company Kaspersky Lab published a press release which claims that:

Kaspersky Lab experts have discovered that electric vehicle chargers supplied by a major vendor carry vulnerabilities that can be exploited by cyber-attackers, and the consequences of a successful attack could include damage to the home electricity network. While modern electric vehicles are tested constantly for vulnerabilities, this research reveals that some of their essential accessories, such as battery chargers, may remain at risk.

For more information on the electric vehicle charger vulnerabilities discovered by Kaspersky Lab, read the full report on Securelist.com.

The “major vendor” referred to is not identified in the press release, but the full report on Securelist reveals that ChargePoint, Inc. is the company in question.

Kaspersky continue:

The researchers found a way to initiate commands on the charger, to either stop the charging processor or set it to the maximum current possible. While the first option would only prevent a person from using the car, the second one could potentially cause the wires to overheat on a device that is not protected by a trip fuse. If compromised, the connected charger could therefore cause a power overload that would take down the network to which it was connected. This could result in significant financial impact and, in the worst-case scenario, damage to other devices connected to the network.

To change the amount of electricity being consumed, all that an attacker would need to do is obtain access to the Wi-Fi network that the charger is connected to. Since the devices are designed for home users, security for the wireless network is likely to be limited. This means that attackers could easily gain access, for example, by bruteforcing all possible password options – a common method of attack. According to Kaspersky Lab statistics, 94 percent of attacks on IoT in 2018 came from Telnet and SSH password bruteforcing. Once inside the wireless network, the intruders can easily find the charger’s IP address, which, in turn, will allow them to exploit any vulnerabilities and disrupt operations.

All the vulnerabilities discovered by Kaspersky Lab researchers were reported to the vendor and have now been patched.

The final paragraph is a relief, but here are Kaspersky Lab’s suggestions for avoiding similar problems in the future:

To protect your smart devices, including electric vehicle accessories:

  1. Regularly update all your smart devices to the latest software versions. Updates may contain patches for critical vulnerabilities, which, if left unpatched, could give cybercriminals access to your home and private life.
  2. Do not use the default password for Wi-Fi routers and other devices. Immediately after install, change it to a strong password, and do not use the same password for several devices.
  3. It is recommended to isolate the smart home network from the network used by your or your family’s personal devices for basic internet searching. This is to ensure that if a device is compromised with malware, your smart home system will not be affected.

V2G EVSE ISOSEC Project Attracts OLEV Funding

Tremail – 26 October 2018

For immediate release

  • V2G EVSE secures OLEV funding to assess the feasibility of combining their V2x ready smart EV charging station controller with the Urban Electric UEone pop-up charger
  • ISOSEC (Inconspicuous Smart On-Street EV Charging) is a £114,000 project with Urban Electric Ltd, Plymouth City Council, Energeo Ltd, Duku and Urban Foresight Ltd

V2G EVSE Limited’s “Inconspicuous Smart On-Street EV Charging” (ISOSEC) project is part of the “Electric vehicle charging for public spaces: feasibility” competition, funded by the Office for Low Emission Vehicles (OLEV) and administered by Innovate UK.

As a first phase of an innovation funding programme worth approximately £40 million, 27 feasibility studies will analyse the application and impact of innovative technologies for EV charging.

In particular, 18 feasibility studies will focus on how a well designed, well integrated EV charging infrastructure in public spaces can help facilitate the adoption of electric vehicles (EVs) among local residents without access to home charging due to a lack of off-street parking.

9 feasibility studies will instead focus on the application of Wireless EV charging to commercial users, reducing business disruptions when charging the vehicles and therefore increasing the attractiveness of the EV proposition.

These projects will assess the feasibility of defining sustainable models intended to maximise the effectiveness and impact of infrastructure deployment. The wide variety of technologies and business models analysed in these studies will help implement a charging infrastructure that is affordable, dependable, and fair for all road users, as well as making owning an EV an attractive proposition for all.

In a subsequent phase of the funding round, the best projects will be competing for funding for implementation of real-world demonstrators.

The ISOSEC project will investigate the feasibility of combining Urban Electric Limited‘s UEone pop-up (retractable) charging post with V2G EVSE’s standards-compliant V2x-ready smart charging station controller.

This system builds on the Urban Electric UEone charger being trialled with Oxford City Council, and develops it into a smart charging solution.

The project will also assess the feasibility of using big data and geographical information systems to locate EV charge posts where they can maximise their potential to deliver grid services to DNOs together with creating a Special Purpose Vehicle (SPV) funding model to:

  • Enable the roll-out of charging posts at no-or-low cost to local authorities
  • Generate revenue for the local authority over the lifetime of the SPV

The other collaborators on the ISOSEC project are:

Commenting on the award of the OLEV funding Olivier Freeling-Wilkinson, cofounder of Urban Electric, said that:

Urban Electric is focused on developing charging infrastructure that does not detract from the urban environment. We are excited to be collaborating with our consortium partners to explore the feasibility of developing the UEone pop-up charger as a smart charging solution.

 

V2G EVSE’s CEO Jim Hunt added:

It was a great pleasure to work with Keith and Oli on the preparation of our bid over a comparatively short period of time. We have a great team of collaborators, and I very much look forward to working with them all on assessing the feasibility of both our innovative on street charging business model and the potential for integrating our smart charging station controller into the UEone EV charging post.

 

Ian Dee, CEO of energeo remarked that:

Energeo are delighted to be part of project ISOSEC, which aims to address some of the key issues around EV infrastructure roll-out in complex urban environments. We’re particularly excited to assess the role geospatial big data and analytics can play in locating charging infrastructure to maximise utilisation and support the delivery of grid services.

 

Dan Turner, Low Carbon City Officer for Plymouth City Council, pointed out that:

Plymouth City Council are committed to further developing EV infrastructure in both public spaces and on street charging. We are excited to be collaborating with such innovative partners to assess the feasibility of installing pop-up chargers and we hope that this work can lead to the development of an on street charging business model in order to help Plymouth become a more sustainable place to live.

 

Paul Blakeman, Head of Innovation at Urban Foresight, commented:

Urban Foresight is a smart cities consultancy focused on helping cities to procure innovation, manage innovation pilots and deliver smart city programmes. We are excited to be collaborating with this group of consortium partners to assess how smart charging can be implemented to support EVs in Plymouth.

** END **

About V2G EVSE

V2G EVSE Limited is a British electric vehicle charging startup based in North Cornwall. In March 2018 the company began development of a Vehicle-to-Grid controller with modular communications using seed funding provided by a Department for Transport T-TRIG grant. Jim Hunt, V2G EVSE’s CEO, sits on a number of British and international smart-grid and electric vehicle standards setting committees. The V2G EVSE controller firmware will incorporate those emerging standards as they develop.

V2G-EVSE.com. Contact: email hidden; JavaScript is required

 

About Urban Electric

Urban Electric Networks Ltd is a British electric vehicle charging startup formed in London in June 2017 by Olivier Freeling-Wilkinson and Keith Johnston in the belief that EV charging infrastructure should impact positively on urban streetscapes. Voted Top 30 European Cleantech Start-up 2018 by Climate-KIC, the EU’s climate innovation agency.

urbanelectric.london. Contact: email hidden; JavaScript is required

 

About Energeo

Energeo utilise geospatial Big Data, Open Data, and Machine Learning to create unique insights into existing energy performance and future potential for renewable and sustainable energy. The company is currently using those techniques to pilot methods to identify the optimum location for electric vehicle charging infrastructure.

energeo.co.uk. Contact: email hidden; JavaScript is required

 

Plymouth City Council

plymouth.gov.uk. Contact: email hidden; JavaScript is required

 

About Duku (Albright Product Design)

Duku is a Product Design consultancy that provide help in taking an idea through to production including; prototyping, intellectual property and manufacturing support. Duku are currently working with Urban Electric on projects supported by Innovate UK to develop the UK’s EV charging infrastructure.

Duku.co.uk. Contact: email hidden; JavaScript is required

 

About Urban Foresight

Urban Foresight® was established in 2011 as the world’s first dedicated smart city consultancy. We are a mission driven business that thinks deeply about the opportunities to transform services and solve societal challenges.

Our multi-disciplinary team works across different sectors and is skilled at translating ideas into action.

We write award winning reports, provide evidence-based insights and deliver investment-ready strategies.

urbanforesight.org. Contact: email hidden; JavaScript is required

What Are The Top IoT Platform Requirements?

Our regular readers will be aware that we have been discussing our Internet of Things platform requirements with Digi International for quite some time now. At long last Digi have revealed what they see as their top 5 IoT requirements. Brad Cole, Digi’s Enterprise Software Product Manager, explains their view of such things in this newly released video:

I don’t know about you, but I quite like the sound of this bit:

It should provide a central aggregation service to which all remote gateways and devices attach, and it should do so securely with automated detection and self healing. Devices then utilise a secure integration protocol to send and retrieve data in a variety of ways.

What should you be looking for in an IoT platform? What are the top 5 “must have” requirements? First and foremost, security is key!

With all that in mind we’ve had one of Digi’s new XBee3 Cellular LTE-M/NB-IoT Global modules in our possession since before they announced it. However here in the UK LTE-M is conspicuous only by it’s absence, so we’ve been anxiously awaiting Digi’s promised “certification of Digi XBee3 Cellular NB-IoT in October 2018”. It’s still September and Digi haven’t issued another press release yet, but nevertheless we have already managed to upgrade our XBee3 module to firmware revision C. According to the accompanying release notes:

### Release Version

1140C – XBee3 Cellular LTE-M/NB-IoT Global

### Release Date

  • September 2018

### New Features:

  • NB-IoT Support
  • Support for European and U.S. Carriers.
  • Important: Conditionally approved for use on T-Mobile NB-IoT network for evaluation and development purposes. Full certification will be completed with an upcoming cellular component firmware update (SARA-R410M-03B).
  • Added new option 1 to CP command for network configuration.
  • Added new commands BM, BN to select band mask.
  • Added new command N# to select network preference.

For some strange reason Digi neglected to mention the “upcoming cellular component firmware update” back in August. However it does sound as though their new module is now fully certified for use on Vodafone’s NB-IoT network. Digi have also just updated their XBee3 Cellular LTE-M/NB-IoT Global module specification sheet, which now reads as follows:

  • OPERATING MODES (LTE-M) Transparent and API over serial, PPP over USB or serial
  • OPERATING MODES (NB-IoT) Transparent, API, UDP

Digi’s technical support team assure me that:

Currently the updated U-Blox code is not scheduled to be certified till around Q2 of 2019.

Better late than never I guess? They have also clarified the issues involved in updating the u-blox SARA R410M module firmware once rev 3B is eventually issued:

You will not be able to perform the firmware update via the old XBIB-U-DEV board you have. It will require the use of a new board that is still in development which will provide USB direct access to that U-Blox chip.

When the new board is released, you will have access to the USB direct pins. One will place the module in USB direct mode which also puts it in bypass mode. If you are using Linux, your Linux modem manager or other options will be able to talk directly to the U-Blox chip.

Personally I cannot wait for that glorious day, because that will allow me to tick one more of the boxes on V2G EVSE’s checklist of top IoT platform requirements. To summarise, here are the top 6 entries on our current IoT platform leaderboard:

  1. LTE-M and NB-IoT global certifications
  2. Security
  3. Reliability
  4. Scalability
  5. Flexibility
  6. Simplicity

Cornwall New Energy Electric Vehicles Seminar

We’ll be attending the Cornwall New Energy electric vehicles seminar which takes place on the morning of September 18th at the Royal Cornwall Showground just outside Wadebridge, right here in North Cornwall!

Not only that, but also we’ll have a stand as part of the associated “supplier fair”. The proof of concept of our new V2x enabled standards compliant electric vehicle charging station controller will be on display:

V2G-EVSE-Controller

If you’re a small business owner then please come along and have a chat, whether about electric vehicles in general or vehicle-to-grid technology in particular. With a bit of luck we’ll also have one or two rather larger pieces of equipment to show you as well.

Apart from V2G EVSE Limited some other more famous names will be in attendance. According to the CNE announcement:

You will be given the opportunity to discover more about CNE and this emerging technology, meet with local experts and suppliers and test drive an electric vehicle. Speakers and suppliers include representatives from Cornwall New Energy, Nissan, Renault, Ecodrive, the Energy Savings Trust and Mitsubishi.

You can take a look at some of the other EVs in question over on our parent company’s web site, but here’s the subject of our most recent long distance test drive, the 2018 Nissan LEAF:

2018-06-28_10-12-43_878

I’m also led to believe that there will be some e-Bikes on display as well. Book your free tickets now, and if you would like to test drive some EVs on the 18th of next month please don’t forget to bring your driving licence with you!

V2G EVSE Announce Digi LTE-M Module

Further to the announcement earlier this week of the seed funding from the United Kingdom’s Department for Transport for our “Vehicle to grid controller with modular communications” project we have another exciting announcement to make this afternoon.

First of all please feel free to take a close look at the module that provides our controller with its LTE-M functionality. Note that it is in single antenna mode in the picture, but supports a second antenna if necessary:

V2G-EVSE-Digi-LTE-M

Secondly also bear in mind that, as an eagle eyed reader from Cambridge spotted earlier this week, the module shown above is mounted in what we prefer to refer to as the “V2G EVSE V2x controller with modular communications”.

Next we invite you to read yesterday’s press release from Digi International® headlined “Digi XBee3 Cellular LTE-M Smart Modem and Development Kits Now Available“:

MINNETONKA, Minn., Aug. 8, 2018 – Digi International®, (NASDAQ: DGII, www.digi.com), a leading global provider of Internet of Things (IoT) connectivity products and services, today announced the immediate availability of the Digi® XBee3™ Cellular LTE-M development kits, featuring Digi’s next-generation smart cellular modem.

This LTE-M certification, to be followed by the certification of Digi XBee3 Cellular NB-IoT in October 2018, allows Digi to bring one of the first LPWAN, software-defined technology-agile modems capable of offering Cat-M or NB-IoT on a single, compact footprint. Designed to be customer-configurable, developers can easily standardize and futureproof their IoT designs by simply changing modems and SIMs to leverage different wireless protocols without having to redesign hardware for different regions or applications.

Ushering in a much more simplified way of testing designs and incorporating cellular connectivity into wireless solutions, the new Digi XBee3 Cellular LTE-M smart modem is integrated into the development kit via a 20-pin Digi XBee socket, ultimately allowing for solution connectivity via millions of sockets already deployed around the globe. The module can also be easily configured and controlled from a centralized platform such as the Digi Remote Manager®.

Digi International is an Amazon Web Services (AWS) Advanced Technology Partner in the AWS Partner Network (APN), and the Digi XBee3 Cellular LTE-M is a smart cellular modem supported by AWS IoT Core. With built-in Digi TrustFence® security, the module’s identity and data privacy features use more than 175 controls to protect against new and evolving cyber threats. It also provides the tools to secure connected devices, including data in motion with TLS 1.2 encryption and bi-directional authentication – required for AWS IoT connectivity.

You may well wish to read the Digi press release in full, and I can reveal that we didn’t make use of Digi’s development kit when constructing our controller. However I’m afraid we’ll have to leave you to speculate for a while about how the V2G EVSE V2x controller delivers its NB-IoT functionality.

If you happen to have noticed that we’re based in the UK you may also be speculating about the SIM card plugged into the Digi LTE-M module shown above? If so we can put you out of your misery on that front at least. We paid the carriage across the pond and received this from Hologram in return:

Hologram-SIM

“A single SIM for all of Earth”!

We haven’t tested that claim of course, but it certainly works for us here in sunny South West England

Department for Transport Invests in V2G EVSE

This morning the United Kingdom’s Department for Transport issued a press release which mentions us! It also mentions what is hopefully some very good news for other Great British small businesses too:

The Department for Transport (DfT) has today (6 August 2018) set out plans to level the playing field for small businesses bidding for government contracts.

In its SME Action Plan, the DfT has committed to directing a third of its procurement spending towards small and medium-sized enterprises by 2022.

As part of this pledge, the department has also awarded £700,000 in Transport Technology Research Innovation Grants (T-TRIG) to support innovative transport projects, including a universal train access ramp that would help disabled people board trains more easily across the network.

Transport minister Jo Johnson said:

Small and medium-sized businesses play a key role in this country’s economy and I am proud of our outstanding record in this area.

With this new action plan, we are leading by example by making it easier for these businesses to bid for contracts, and we will continue to support them over the coming years.

This year, out of 23 innovative transport projects given a share of £700,000, 14 were from small and medium-sized enterprises with fewer than 250 members of staff.

According to the Department for Transport’s aforementioned SME Action Plan:

This action plan outlines how the Department for Transport (DfT) will meet the Government’s aspiration of ensuring that 33% of all procurement spend will be with small and medium enterprises (SMEs) by the end of this Parliament, either directly or indirectly through the supply chain.

and here’s how the implementation of that plan is progressing:

2018-08-06_DfT_SME_Targets

Here at V2G EVSE we currently have far fewer than “250 members of staff”, and this is what the DfT had to say about our “Vehicle to grid controller with modular communications” project, seed funded by the Department for Transport in response to our “Transport Technology Research Innovation Grant Open Call” bid:

Developing a prototype for a vehicle to grid electric vehicle charging station controller, which will enable optimal charging across multiple vehicles, managing energy demand. This will include modular communications which will provide information to a central system.

We were notified about our successful bid back in March, and a lot of progress has been made since then down here in North Cornwall! Here’s how the hardware side of our proof of concept EV charging station controller looks at the moment:

V2G-EVSE-Controller

With its assorted comms modules and their associated aerials it can currently communicate using Bluetooth “Low Energy”, WiFi, ZigBee, 2.5G, 3G, 4G, NB-IoT, LTE-M , “long range” WiFi, LoRa and Sigfox. Note first of all that not all of those technologies are suitable for the V2G use case. Note also that the V2x acronym covers a wide variety of ways of “improving the charging of electric vehicles” apart from just full blown vehicle-to-grid, including V1G (AKA “smart charging“), V2B (vehicle-to-building), V2H (vehicle-to-home) and V2I (vehicle-to-infrastructure).

From our perspective down here in sunny South West England the word “infrastructure” in the context of “electric vehicles” covers a range of Government departments. Electric vehicle charging stations definitely have one foot in the “transport” arena. In this day and age another one stands in the “energy systems” stadium as well. What’s more EV charging stations are not bipedal. Another foot is in the “digital” domain, and the fourth falls firmly in the “Future Cities” field.

The Things Network and Digital Catapult join LoRaWAN forces!

Some extremely interesting news just arrived in my inbox. Perhaps Kasia will have much more to say on this in due course, but for the moment here are the bare bones from this morning’s press release from The Things Network:

Digital Catapult & The Things Network join forces to create the largest LoRaWAN network in the UK

Digital Catapult’s Things Connected initiative has partnered with The Things Network (TTN). This collaboration brings together two well-established initiatives in the UK, creating Britain’s largest free-to-use LoRaWAN network and innovation community.

UK innovators will now be able to develop and build Internet of Things (IoT) solutions on a network with over 400 base stations across the country. It brings together the existing Things Connected regions (London, North-East, and Northern Ireland) and the 63 local The Things Network communities with over 700 members and 300 base stations. Things Connected innovation programmes are now more accessible and inclusive to UK entrepreneurs no matter where they’re based.

Apart from anything else that means that down here in North Cornwall we can now stop umming and ahhing and forge ahead with setting up a LoRaWAN gateway somewhere high in the hills above SilicInny Valley!

Standards Based V2x Charging Station Technology

We have been asked to elucidate on the nature of the work we will undertake following our successful bid for Department for Transport funding. Whilst we await ministerial sign off on the associated press release please note the following items of information. The title of the project is:

Vehicle to Grid Controller with Modular Communications

Our tagline above mentions:

Standards based V2x charging station technology

Here is an infographic based on a slide from the “International V2G Standards” presentation I gave at the International Energy Agency’s (IEA for short) Hybrid and Electric Vehicles (HEV for short) Technology Collaboration Programme (TCP for short) Wireless Charging and V2X Experts’ Workshop held at the Newcastle University Business School on March 20th 2018:

Infographic: Kasia Turajczyk
Infographic: Kasia Turajczyk

Our current funding does not cover the development of any power electronics.

Hopefully that is of some help?

EV Charging Station Administration using OCPP 1.6 with SteVe

As part of our mission to experiment with “alternative” electric vehicle charging station communications technologies we’ve been searching for open source software for the “server” end of things that supports OCPP 1.6. We’d been looking at the ChargeTime Java server from Thomas Volden when news reached us that the SteVe project from the Rheinisch-Westfälische Technische Hochschule Aachen had just been updated to (mostly) support OCPP 1.6. As the ReadMe puts it:

SteVe was developed at the RWTH Aachen University and means Steckdosenverwaltung, namely socket administration in German. The aim of SteVe is to support the deployment and popularity of electric mobility, so it is easy to install and to use. SteVe provides basic functions for the administration of charge points, user data, and RFID cards for user authentication and was tested successfully in operation.

SteVe is considered as an open platform to implement, test and evaluate novel ideas for electric mobility, like authentication protocols, reservation mechanisms for charge points, and business models for electric mobility. SteVe is distributed under GPL and is free to use. If you are going to deploy SteVe we are happy to see the logo on a charge point.

We eagerly cloned SteVe from GitHub and carefully followed the instructions. Working from the Scientific Linux command line it took a while for Maven to do its thing and then SteVe burst into life at the very first time of asking!

SteVeStartup

Next we tried SteVe on our trusty Raspberry Pi 3B. Whilst we have previously successfully used MySQL on a RasPi on this occasion it seemed prudent to configure SteVe to use the existing database on our Linux server. Having allowed him through our firewall once again SteVe immediately burst into life without further ado.

It took slightly more work to get him working inside Eclipse. We had to set up a suitable “Maven Build” configuration:

SteVeMaven

which produced this by way of console output:

SteVeConsole

The only slight fly in the ointment at the moment is that SteVe doesn’t yet support OCPP 1.6 charging profiles:

SteVeProfile

However we confidently anticipate that issue being solved in the not too distant future! As a side effect of this exercise we have also produced a forked version of the ChargeTime OCPP client, together with a modest demonstration “charging station”. Please feel free to check them out at:

https://github.com/V2G-Ltd/Java-OCA-OCPP

and

https://github.com/V2G-Ltd/OCPP-1.6-EVSE-Demo

That all works fine for us on our Azul Zulu equipped Raspberry Pi Compute Module 3.