BSidesLuxembourg 2025

Hacking EV Chargers: Fast Track to Market, Fast Track to Vulnerabilities
2025-06-18 , Main Stage

This extended talk builds on my previous lightning talk (Hack.lu 2024) on the discovery and disclosure of vulnerabilities in an Electric Vehicle Smart Charging Point (CVE-2024-5313, CVE-2024-8070).


We’ll dive deeper into the product, how it works under the hood, how it’s meant to be provisioned, and where things went hilariously wrong, allowing privilege escalation (extended, augmented version).

We’ll also step back and look at the bigger picture: why fast go-to-market pressures often lead to critical security oversights, and how these patterns show up across the EV charging ecosystem. Beyond the original device, I’ll share insights from examining other products, where the security posture is sometimes even worse. Expect fun discoveries, and some tales from the fast-moving world of connected devices.

Cybersecurity Director at PwC Luxembourg
Offensive Security & Red Team Leader
Trainer | Speaker | Sworn Judicial Expert