Tsinghua University researcher Hetian Shi presented critical security flaws in rentable IoT infrastructure (EV chargers, shared e-bikes/scooters) at Black Hat Asia. The flaws were discovered through authorized penetration testing. Vulnerabilities include exposed debugging ports, shared authentication keys, and weak backend authentication, which enable attackers to create phantom clients for free service use and to execute coordinated denial-of-service attacks on entire city networks. Using his tool IDScope, Shi demonstrated remotely disabling EV chargers, and he theorizes that the flaws stem from developers prioritizing user convenience over security.
Infrastructure
Weak security means attackers could disable all of a city's public EV chargers
Shared authentication keys and exposed debugging ports in rentable IoT infrastructure (EV chargers, e-bikes, scooters) allow attackers to remotely execute coordinated DoS attacks that could disable an entire city's public charging network, exposing how developers prioritized user convenience over security.
Friday, April 24, 2026 12:00 PM UTC | 2 min read | Source: The Register | By sys://pipeline