PCMag editors select and review products independently. If you buy through affiliate links, we may earn commissions, which help support our testing.

PCMag UK

The EV Charger Hack That Can Burn Down Your House Just Got More Terrifying

Trend Micro researchers found a hack to remotely disable overheating protection in most home EV chargers. The results, which we got to see at Black Hat, were explosive.

Neil J. Rubenking
 & Neil J. Rubenking Principal Writer, Security

Our team tests, rates, and reviews more than 1,500 products each year to help you make better buying decisions and get more from technology.

Our Expert
LOOK INSIDE PC LABS HOW WE TEST
65 EXPERTS
43 YEARS
41,500+ REVIEWS
(Credit: Trend Micro)

LAS VEGAS—If you’re the proud owner of an electric vehicle, you likely invested in a home charger. However, since modern cars are well-defended against hacking, criminals have turned to hacking the chargers, and in some cases, with frightening, fiery results.

At last year's Black Hat, we learned that hackers could meddle with your charging schedule, choke down the charging speed, or tweak the billing. None of that would be fun, but it doesn’t compare to this year's conference, where researchers from Trend Micro showcased how they could physically damage your charger, right up to burning your house down.

Jonathan Andersson, security research manager at Trend Micro, started with a shoutout to Pwn2Own automotive, a hacking contest sponsored by Trend Micro’s Zero Day Initiative devoted to demonstrating security vulnerabilities in cars and related tech. After reviewing past winners, he noted that the bugs they found were all very simple.

“When you take these devices apart, they typically have a main CPU that runs the GUI," Andersson said. "Sometimes there’s a second processor for power switching and measurement. There are also a lot of devices and peripherals that contribute to quite a large attack surface.”

In short, EV chargers aren't currently designed with security in mind.

With Great Power Comes Great Overheating

Thanos Kaliyanakis, also a Trend Micro researcher, said his team first performed baseline testing on out-of-the-box unmodified EV chargers. Some of these correctly resisted the hack while others were vulnerable. The team found they could make a small physical modification to the resistant chargers, which put them in the vulnerable category.

“To achieve the task, we needed a way to load the EV chargers with maximum power and pull as much current as possible,” said Kaliyanakis. “We used a bank of heaters to draw various amounts of current during testing.”

If you have one of the vulnerable EV chargers, a hacker across the world could reach in and set it on fire. The same is true for a theoretically safe charger that's defective or that has been modified.

Recommended by Our Editors

How We Test Phones
How We Test Phones
The Best Robot Lawn Mowers for 2026
The Best Robot Lawn Mowers for 2026
The Best Ergonomic Keyboards for 2026
The Best Ergonomic Keyboards for 2026

The results, as demonstrated in a clip reel of all the tests, were nothing short of alarming. In every case, the cables overheated. Some spewed flames, including bits of molten copper. Some released flammable gases into the air, which then ignited. One melted the cord holder off the wall.

“Any cable that didn’t fail violently still failed by melting,” said Andersson. “If the melting cable shorts power through the signal channels, your EV could be damaged.” He noted that overheating the devices to failure took anywhere from an hour to 5.5 hours.

How to Protect Your EV Right Now

Andersson pointed out that you can’t expect a circuit breaker to save your EV charger in this scenario—not unless you purchase a high-end ETU (electronic trip unit) LSI (long-time short-time instantaneous) breaker unit, which costs much more than the typical circuit breaker.

“Don’t mount the cable under the charger, or under anything flammable,” he advised. “Don’t keep the cable coiled while charging. The manufacturer may recommend wrapping the cord around the charger—don’t do that. A shorter cable is safer.”

Andersson encouraged EV charger vendors to "own this problem and fix it." He noted that new but poor-quality chargers with the same bugs appear for sale every day.

Andersson showed a simple circuit diagram for a modified charger that would be immune to the overheating problem reported here and urged EV manufacturers to embrace it. "Charger manufacturers need to create software-independent, hardware-only safety mechanisms," he said. "Without this, the risks of fire exist as presented."

Your trusty charger in your garage may well be one of the safe models. If not, hackers could literally make it explode in a ball of fire. Let's hope the manufacturers take the warning to heart and create chargers with physical safety mechanisms that aren't exposed to hacking. Meanwhile, it’s still not a bad idea to get a shorter cable.

About Our Expert

Neil J. Rubenking

Neil J. Rubenking

Principal Writer, Security

My Experience

When the IBM PC was new, I served as the president of the San Francisco PC User Group for three years. That’s how I met PCMag’s editorial team, who brought me on board in 1986. In the years since that fateful meeting, I’ve become PCMag’s expert on security, privacy, and identity protection, putting antivirus tools, security suites, and all kinds of security software through their paces.

Before my current security gig, I supplied PCMag readers with tips and solutions on using popular applications, operating systems, and programming languages in my "User to User" and "Ask Neil" columns, which began in 1990 and ran for almost 20 years. Along the way, I wrote more than 40 utility articles, as well as Delphi Programming for Dummies and six other books covering DOS, Windows, and programming. I also reviewed thousands of products of all kinds, ranging from early Sierra Online adventure games to AOL’s precursor Q-Link.

In the early 2000s, I turned my focus to security and the growing antivirus industry. After years of working with antivirus, I’m known throughout the security industry as an expert on evaluating antivirus tools. I serve as an advisory board member for the Anti-Malware Testing Standards Organization (AMTSO), an international nonprofit group dedicated to coordinating and improving testing of anti-malware solutions.

The Technology I Use

Much of the testing I do, particularly testing with real-world ransomware, is just plain dangerous. To perform such tests safely, I sequester them inside virtual machines managed by VMWare Workstation. For cross-platform testing, I use a MacBook Air, a Google Pixel 4, and a 6th-generation iPad.

I rely on my Delphi coding skills to create and maintain small applications. These include programs to check whether an antivirus correctly handled the malware it detected, launch dangerous URLs and record the security program’s reaction, and analyze the malware that I collect for use in testing. I also wrote a tiny browser and text editor for use in testing security apps that have predefined reactions for known products.

I do my writing and research on a Dell OptiPlex desktop, relying on Microsoft Word (my fingers know all the shortcuts). Many of my articles include charts and analysis; Excel is my go-to for those. When work hours end, though, I escape the bounds of Microsoft and Windows. There’s an iPhone in my pocket, I relax with my oversized iPad, and my Kindle Oasis is always loaded with the best science fiction and fantasy.

Read the latest from Neil J. Rubenking

Read full bio