Car charger hacking risk shows 'everyday items can be vulnerable to attack'
New legislation for connected devices will provide better protection for consumers and national security, says international law firm RPC
Following news that Wallbox has pulled sales of the Copper SB Charger over fears hackers could use it as a "weapon" to disrupt the National Grid, Richard Breavington, Partner and Head of the Cyber and Tech insurance team at international law firm RPC, said:"Today's story highlights that cyber security vulnerabilities are not always localised to computers and software.
"Hackers are becoming more advanced every year, finding novel ways to exploit vulnerabilities found in the "weakest link" of the longest supply chains. This latest example indicates that vulnerabilities can even be found even in everyday items that appear innocuous.
"The scale of the vulnerability is significant, in keeping with recent trends. Last year, more than 1,000 organisations and millions of individuals were impacted by ransomware due to the fact a widely used software, MOVEit Transfer, was vulnerable and exploited.
"Just as MOVEit Transfer software was used by thousands of organisations, Wallbox's Copper SB chargers have been sold to thousands of consumers nationwide and worldwide. Exploitation of a small fraction of these electric chargers could lead to a wide scale "one blow" outage and national grid destabilisation.
"The connection to the internet and operation of the chargers through a smartphone is what makes the devices vulnerable to exploitation. The UK Government is aware of the risks associated with connected devices. This is why new legislation, the UK's consumer connectable product security regime (PSTI), is due to come into effect on 29 April 2024.
"This legislation requires manufacturers of UK consumer connectable products to comply with minimum security requirements, protecting both the consumer and our national security.
"The aim is to allow us to continue purchasing our smart watches, fridges and other devices without fear of risks to our personal data, or in extreme cases devices potentially being used to cause widespread disruption."
Stay connected and subscribe to our latest insights and views
Subscribe Here