Charging cards for e-cars are insecure

If you charge your electric car, you use a charging card at the e-pillar. Whether TCS, Swisscharge, Chargepoint or Move: the IDs on the charging cards are insecure, the “K-Tipp” found out.

Apparently, it’s child’s play for criminals to copy the charging cards of electric car owners and then charge up at a charging station at their expense, reports “K-Tipp” (paid item). For example, according to the report, the charging station operator Move Mobility had to block such cards in recent years after e-car drivers discovered irregularities in their billing.

But the company is not the only one affected. The IT security company Syss from Tübingen (D) checked charging cards from TCS, Energie 360, Swisscharge, Chargepoint, Plugsurfing, Move and Repower on behalf of “K-Tipp”. And all of the cards were insecure and could be copied and read by third parties. All you need is an Android smartphone, an NFC app or a card copier.

Unencrypted e-charging cards

One reason for this is that drivers do not have to insert the charging card into a charger or type in a PIN. According to an employee of the IT security company mentioned, the ID on the charging cards is not protected by encryption.

Both the card issuers and the manufacturers of the charging infrastructure are aware of the problem. However, both do nothing about it and blame each other. The card issuers say that if the cards are encrypted differently, they can no longer be used on other providers’ networks. In the article, on the other hand, an e-charging station manufacturer points out that safe electricity charging methods are also offered, but that they have no influence on which RFID cards the charging station operators select.

If you have such a charging card, you can put it in a coated case, which should protect against data theft. Never leave the card in the car, but carry it with you in your wallet.