to an attacker vehicle. And for the Project EV, it's way worse because you can sideload firmware, you can brick it, you can make it part of a botnet and you could also make it attack other servers. The problem in both cases is the lack of proper authentication between the mobile app on our smartphones often used to control these chargers and the computer servers that relay instructions to the boxes, known as APIs. Do you think it's an easy hack to do? Could anyone do it? Yes. Well, the word "anyone" is quite broad, but anyone who understands APIs could easily do it, yes. Ken Munro heads up Pen Test Partners. After a quick charge-up, we went back to his place