Speak EV - Electric Car Forums banner

Wi-fi on the electric highway

8078 Views 101 Replies 23 Participants Last post by  Grum
Charging at Chievley I saw this on my phone.

Does anyone know what it is all about? Is there a way that we can get use of wi-fi provided my the charger?
See less See more
  • Like
Reactions: 1
1 - 13 of 102 Posts
Why on earth do they have a different SSID at each site? Surely they could have had one common SSID and then you would only ever have to set it up once.
  • Like
Reactions: 5
Or better still, get the app to set up the wifi connection for you? (where possible)
That should be the intention long term but might require programmers who know what they're doing.

Sent from my Nexus 7 using Tapatalk
  • Like
Reactions: 1
On all the apps I have that do this (wemo, chromecast come to mind) it's insanely buggy and horrible. I'd rather chance it with poor mobile signal than have it half connected to wifi and refusing to pick up an IP address leaving me having to go fiddling in the settings to disable wifi.

Top tip incidentally, off topic but whatever - never set public wifi to automatically connect. Otherwise anyone with a hotspot anywhere could set their wifi name to EH_Chievely and password Ecotricity and next thing you know your phone is connected (presuming you notice) and they're sniffing your packets :eek:. Same goes for O2_wifi or Costa_Coffee etc.
Well yes, but...

Any mobiles apps really must assume that all data connections are insecure, so any that don't use https to talk to servers ought to be banned from the relevant app stores. I know that the Play store policies for developers says that apps must "Handle the user data securely, including transmitting it using modern cryptography (for example, over HTTPS)" and I would assume that Apple do something similar. So that means the only data your phone should be sending that you might not want sniffed would be web page browsing, and again there are ways to protect yourself (on Android go to Chrome settings and turn on data saver: that ensures all non-https traffic is routed through a secure link to Google's servers where it is compressed and images and video are scaled for your device). Or just avoid putting personal data in any non-encrypted web pages.

So in short, yes there's a potential risk but in practice you should be safe on any public wifi provided you are sensible.

BTW, on of my favourite stories is the "Free Wifi" peer-to-peer network you see mostly at airports (though hopefully not so much now as a few years ago). It's reckoned to be the first computer virus that evolved spontaneously instead of being deliberately written by a human being and was due to a 'feature' in Microsoft Windows prior to Windows 7. In the affected versions of Windows after you had connected once to a peer-to-peer wifi network your machine would thereafter broadcast the SSID of the last used peer-to-peer network whenever it was looking for a wifi connection. Someone, somewhere in the world created a link called 'Free Wifi', lots of people who saw it would try connecting, realise there was no actual free wifi, disconnect, but thereafter everywhere they went and weren't connected to anything their machine would also be advertising the same network and so more people would try to connect and become 'infected'.

I guess it would have been too much to hope that the DBT units had (or could be fitted with) Bluetooth LE hardware. That's what they should really be using to control charging from a mobile phone app: there would be no need for any kind of pairing or setting up networks, the phone could just pick up the ids of all nearby chargers, get you to confirm which one and which connector you''re using, and off you go.
See less See more
  • Like
Reactions: 2
Change Log for Android version 1.8:
I'm going to look at the updated T&C.
Update to version 1.0.7 was 24th August 2016. So far as I know they haven't updated the Android app since then.

Sorry, I always get confused between the Electric Highway version number and the rating which *is* 1.8.

Regardless, the play store is still listing the August 2016 version,. and apkpure also has that as the latest version so if they have updated it recently they've not pushed it out to all users yet. (And what you quoted as 'whats new' is definitely the 'whats new' from August).
Why is it impossible for a charger to have its own keypad, linked to its own router access, permanently logged onto its own home base site ; just sat there waiting for someone to punch in their personal ID code ? No phone needed. No app. No RFID. No contactless card. No Credit Card to be read. No data needed. No signal required. No WiFi. No Bluetooth. No holding your mouth a certain way. No weird dancing.

Just pre-register and be allocated a personal ID code. Then key it in when you arrive and plug in.

Why not ?
Not impossible, but also not very friendly and has security implications.

Right now I just pick up my phone and use the app. I don't have to remember any passwords or personal id codes. Easy.

If everyone has to type in a code to identify themselves as a customer, and you have to make sure those codes are long enough that you cannot guess another users code (or use a shorter id code plus a pin code) you're asking everyone to remember something like a 10 digit number.
No ios update either.
Android app history according to apkpure:

Electric Highway 1.0.7 for Android 4.0+
Version: 1.0.7 (107) for Android 4.0+ (Ice Cream Sandwich, API 14)
Update on: 2016-08-26
Signature: c82d86b015458c43bf7125a9759728edc26ec74c Electric Highway 1.0.7(107) apk safe verified
APK File SHA1: 374656310b2cb17542e948fa5e0aba05ae2f8e56
What's new:
Payment – improved support for credit card registration
Enhanced reconnection support when communication with chargepoint is inconsistent during a session
Improved back button behaviour
Fixed issue during registration journey affecting some customers
Now supports stopping a charge when app is switched off and on during a charge
Improved error reporting and added error codes
Fixed address display and postcode validation issue
Updated T&C’s pages
Security enhancements

Electric Highway 1.0.6 for Android 4.0+
Version: 1.0.6 (91) for Android 4.0+ (Ice Cream Sandwich, API 14)
Update on: 2016-07-15
Signature: c82d86b015458c43bf7125a9759728edc26ec74c Electric Highway 1.0.6(91) apk safe verified
APK File SHA1: 71d47153e8e1bb223573b385ca9c9ae33484ae01
What's new: Bug fixes

Electric Highway 1.0.4 for Android 4.0+
Version: 1.0.4 (81) for Android 4.0+ (Ice Cream Sandwich, API 14)
Update on: 2016-07-10
Signature: c82d86b015458c43bf7125a9759728edc26ec74c Electric Highway 1.0.4(81) apk safe verified
APK File SHA1: 6915e592fa95603e20ee8e3fc8365943e7aaffa3
What's new: Support for new charging scheme

Electric Highway 1.0.3 for Android 4.0+
Version: 1.0.3 (80) for Android 4.0+ (Ice Cream Sandwich, API 14)
Update on: 2016-07-09
Signature: c82d86b015458c43bf7125a9759728edc26ec74c Electric Highway 1.0.3(80) apk safe verified
APK File SHA1: 8b04c99b24f2e83b404a92b907d2fce6c676d99d

Electric Highway 1.0.1 for Android 4.0+
Version: 1.0.1 (78) for Android 4.0+ (Ice Cream Sandwich, API 14)
Update on: 2016-07-07
Signature: c82d86b015458c43bf7125a9759728edc26ec74c Electric Highway 1.0.1(78) apk safe verified
APK File SHA1: 1b7644c8b378158776f29b0810c3b6e99e3c6416
See less See more
Not really. A six digit code gives a million variations. It will be quite a while before we have that number of charger customers. Introduce an 'alpha' in there and the available numbers go off the scale. And anyway, there is no need to remember such a code as security is a minor problem. Even if that number was printed on an issued card to carry around it would be easy enough to delete a number centrally on a phone call if the card is lost, much like when a CC is lost/stolen.
In May 2016 there were 38,537 registered Electric Highway users. If you gave everyone a 5 digit number with a single check digit then a randomly guess low number needs 10 attempts to find the check digit. If you make the numbers completely random and distributed evenly across the 6 digits you still have a 1 in 25 chance of guessing a number to give yourself free charging which won't take long even with lockouts on pumps after some number of failed guesses as once you've guess it you can re-use the number you guessed or post it online.

Introducing a letter just makes for something even worse to remember.

If you're going to have an identifying number then stick it in an RFID card or (better) in a mobile phone app. Then it can be as long and random as you want.
  • Like
Reactions: 1
Wasn't the reason they couldn't use their existing RFID cards for paid charging because they weren't secure enough and changing pumps and issuing new cards was deemed too hard and expensive?

Do Chargemaster and others have the same issue or are they using different cards?
No, I think they have many of the same issues. Chargemaster are also using the same MiFare Classic 1k chips, at least that's what my Polar Instant card has. That means if I can get my hands on another card then at least in theory it's easy to clone.

I think part of Ecotricity's problem though was simply that they don't know all the cards that were issued for use on their chargers: they enabled complete ranges from other providers while the chargers were free. Chargemaster may have had a similar problem to begin with, when they introduced Polar Instant they invalidated all the old cards and issued new ones until they decided not to issue any for Polar Instant. I'm sure Ecotricity could have decided to issue 36,000 new cards, but they decided that would be expensive ongoing, the app route is much cheaper (as also chosen for Polar Instant). Polar Plus' ongoing £7.50 a month subscription can pay for a lot of frills like RFID cards.
The user still has to have data available to use the Wifi.
Eh? No, the point of the charger acting as a wifi access point is that the user just needs a wifi capable device, be that phone or wifi tablet. So you can now get a £20 phone to keep in the glove box and not bother with a SIM card at all. This compares reasonably with the £20 a lot of the other providers will charge you for the RFID card except you don't have to keep the RFID charged.
  • Like
Reactions: 1
My doctor's surgery has a touch screen with a set of questions:
- date of birth
- first letter of surname
Add a pin number to that and it would be pretty secure.
Not really. If it's like the one at my surgery its for checking in to an appointment and allows you to do that without being able to tell the names of other people also seeing the doctor or nurse. It doesn't stop you checking in for someone else's appointment as you're prompted at each stage for the required information.

38,000 Electric Highway customers. That means over 100 for each possible month, day combination. So guess a random year, month, day and common letter and you probably get a hit. Now guess a pin number from the most commonly used pin numbers (people are really bad at setting random PINs) and you have a 1 in 15 chance of success. If it fails just try again with a new date and letter.
On the topic of the same ssid for all ecotricity pumps. That's actually not a good move. You would only use it while at one with a dodgy signal. I sit on my phone and browse the web while charging. If it auto logged me on to their network for all points, irrespective of whether I have a good signal then I would have to "forget" the network regularly in my phone.
Yes, that's a fair point although Android (recentish versions at least) will detect that the wifi doesn't route outside and will automatically switch back to using the mobile data instead. In fact that could be a problem if you're trying to connect to start a charge as it might ignore the dodgy wifi and try to use the dodgy mobile instead.

On a related note, can anyone say which Ecotricity pumps actually have coverage problems? it might be useful to have a crowd-sourced list of dodgy pumps. I haven't found any so far but I expect I've just not used a wide enough range of Electric Highway locations.
Failed to start a charge as installing the ecotricity app on the Amazon fire was harder than I thought. However I have just managed to install the app having got home. For those interested, I first had to install apk files for Google play store.
Next time I need to charge at ecot I will try using the fire an ecot wi-fi.
Do you mean installing apk files for Google Play Services? That's a bit different than the Play Store.

The play services actually include a large part of the android os these days as Google have gradually moved as much as possible out of the core which phone vendors are really bad at updating and into a library they control and can update. Almost any app written for android is likely to use features from this library as otherwise they have a very restricted set of functions.

Sent from my Nexus 7 using Tapatalk
Password is all lowercase I think.
Of course what they should have used as the password:
  • Like
Reactions: 2
1 - 13 of 102 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.