According to Joe Marshall at Cisco Talos, "The most vulnerable elements of an electric vehicle charging station will usually be the EV management system (aka the EVCSMS). Vendors who own these stations need to stay connected with them over the Internet to process payments, perform maintenance, and make their services available to EVs." Consequently, this can expose their stations to attackers who may seek to exploit that EVCSMS.
Marshall is distressed that EVCSMSes are "vulnerable in numerous ways." Many are developed with poor security practices—from hard-coded (and thus stealable) credentials to poor security code development that lets attackers exploit management interfaces to compromise the system. He thinks that "this is not dissimilar from many modern IoT devices, like web cameras or home routers" that traditionally have poorly designed security. EV management system is incredibly similar to other IoT products and markets, as well.
