Black Hat Asia: City-Wide EV Charger Outages Exposed as IoT Vendors Favor Speed Over Security

Security researchers at Black Hat Asia have demonstrated how a single vulnerability could theoretically disable every public electric vehicle charger in an entire city. The research, focused on rented internet-of-things infrastructure, reveals systemic security failures in platforms managing shared EVs and public charging networks—failures the researchers traced to developers prioritising deployment speed and user convenience over hardened defences.

The investigation examined widely deployed IoT systems for public EV chargers and shared e-bikes. Researchers found that convenience-first design choices created exploitable pathways for denial-of-service attacks capable of scaling across metropolitan areas. The proof-of-concept was conducted using infrastructure in China, but the researchers emphasise the architectural weaknesses are not geographically isolated—they likely affect similar deployments worldwide. The vulnerability class targets the shared backend platforms that vendors reuse across multiple clients and deployment contexts.

The findings raise urgent questions about the security baseline of rapidly expanding smart city infrastructure. As urban areas depend increasingly on networked public services for transportation and energy transitions, the concentration of control in under-secured IoT platforms creates systemic risk. A successful attack would not merely disrupt individual chargers but could cripple an entire city's charging network simultaneously. Researchers warn that without industry-wide security requirements and independent auditing of IoT vendors, the infrastructure supporting electric vehicle adoption remains exposed to large-scale disruption.