LF Energy audit boosts security of EVerest EV charging
LF Energy has published the results of an independent security audit of EVerest, an open-source firmware stack used in electric vehicle charging stations, with the full report now publicly available.
The audit examined the publicly available EVerest codebase along with several core protocol implementations. Security firm Quarkslab carried out the assessment, with the Open Source Technology Improvement Fund coordinating the engagement. EVerest is hosted by LF Energy and is deployed across hundreds of thousands of charging points worldwide, where it is used by operators and equipment manufacturers to manage communication between vehicles, local systems and back-end platforms.
Quarkslab assessed EVerest over a 42-day period, beginning with a review of project documentation and software architecture. Working with EVerest maintainers, the auditors developed a custom threat model to focus the assessment on the relevant attack surfaces and realistic threat scenarios. The review combined static analysis, manual code inspection, dynamic testing and runtime analysis, alongside protocol-level assessment of components including ISO 15118, which carries vehicle-to-charger communication, and OCPP, which carries charger-to-back-end management traffic.
The audit identified 14 findings with security impact, rated high, medium or low, alongside informational observations. Quarkslab provided remediation guidance for each finding, together with broader recommendations for further security hardening. LF Energy said the review also credited EVerest's modular architecture and isolation principles, which are intended to contain the impact of any single vulnerability.
According to LF Energy, all vulnerabilities identified during the audit have already been addressed by the EVerest community. Those upstream fixes reach installed charging infrastructure only when equipment manufacturers and network operators ship them, since each manages its own software update cycle.
The publication of the audit reflects growing attention on software assurance within energy and mobility infrastructure, as charging networks scale and integrate more closely with payment systems, roaming services and grid management platforms.
LF Energy framed the work as a proactive measure for a project with expanding adoption and as part of a broader commitment to transparency around open source software used in critical infrastructure.
LF Energy highlighted the collaborative nature of the engagement, involving open-source maintainers, security specialists, and coordinating organisations. It thanked EVerest maintainers including Kai-Uwe Hermann, Ryan Cryar and Piet Gömpel, as well as the Quarkslab team and OSTIF.
LF Energy expects ongoing security hardening work as EVerest continues to evolve and as deployments expand across charging networks.