Nothing is more entertaining than ridiculous security flaws. Through the years I have come across many security flaws, but not all are as obvious as this one.
While traveling home from a business trip from Kristiansand yesterday, we had to make a short stop at one of the many electrical charging stations in Kristiansand. Being naturally fascinated by automated or self-service solutions, I just couldn’t stop playing around with one of the chargers.
I mean… how can you when it has so many buttons? 🙂
Suddenly I noticed that they had a button saying “Administration menu”. I was quite surprised to see this option since I thought that all these units were controlled from a central location. After clicking the button I was presented with the classic “Enter PIN code” screen. The first thing I did was to determine the maximum length of the PIN code, which turned out to be six digits.
While my colleagues went into the store to shop, I tried the most common PINs and, lo and behold, suddenly I gained access to the administration menu! It took less than five minutes, and now I could change a whole lot of settings. Everything from fan control, payment, language and so on could be changed without any problems. Fortum, which owns the units, has been informed of this flaw and promised to fix it immediately.
It costs 2.50 NOK (0.30 USD) per minute to charge your electric car.
Why don’t companies take security seriously?