EV Fast Chargers Vulnerable to Remote Hacking, Study Finds

SwRI research engineers, from left, FJ Olugbodi, Mark Johnson and Katherine Kozan demonstrate an adversary-in-the-middle device they developed to test the cyber resiliency of ISO 15118-compliant vehicle-to-grid charging systems. With the device, SwRI identified cybersecurity vulnerabilities with electric vehicles using direct current fast-charging systems. Credit: Courtesy of SwRI

Engineers at Southwest Research Institute (SwRI), located in Texas, discovered a vulnerability in fast charging stations for electric vehicles that allows hackers to gain unauthorized access and even modify embedded software.

Power Line Communication (PLC) technology uses existing electrical cables for data transmission. This technology also enables the transfer of voice, video, and internet traffic through electrical wiring. This method of information exchange has existed for over a century, having been invented and used as far back as 1922.

Today, approximately 40 million electric vehicles travel the world’s roads. About 86% of their owners charge their cars at home, and about 59% use public charging stations weekly. The United States has around 10,000 direct current fast charging (DCFC) stations, creating numerous potential vulnerabilities for car owners.

Level 3 charging stations use an IPv6-based protocol to communicate with the vehicle and to monitor and collect data, including the charge status and vehicle identification number. Researchers from Southwest Research identified vulnerabilities in the PLC layer, allowing them to access network keys and digital addresses of both charging stations and connected vehicles. This was made possible through a specialized adversary-in-the-middle (AitM) attack.

“Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” said Katherine Kozan, an engineer who led the project for SwRI’s High Reliability Systems Department.

Previously, in 2020, employees from the same institute managed to hack the J1772 charging system to simulate a malicious attack, sending signals to mimic overcharging, altering current flow rates, and even completely blocking the charging process.

Vulnerabilities in Level 3 charging stations enable potential hackers to go even further, such as embedding malicious code in the vehicle’s firmware, altering its functions or disabling them, and providing remote access to control the car via the internet.

An example of such attacks is the 2015 incident when hackers from Missouri took control of a Jeep Cherokee, manipulating its movement and even disabling the brakes, exploiting a vulnerability in the onboard multimedia system.

“Adding encryption to the network membership key would be an important first step in securing the V2G charging process,” said FJ Olugbodi, an SwRI engineer who contributed to the project. “With network access granted by unsecure direct access keys, the nonvolatile memory regions on PLC-enabled devices could be easily retrieved and reprogrammed. This opens the door to destructive attacks such as firmware corruption.”

A malicious actor tampering with an electric vehicle’s firmware can have severe consequences for the driver and others. Modern cars, heavily loaded with various software, processors, and internet connections, essentially become mobile data centers.

For instance, new Tesla models use an AMD Ryzen central processor and an AMD Radeon graphics processor, similar to desktop home computers. The car also contains about 63 other processors to perform various specific tasks.

Southwest Research engineers have already developed a potential solution to such attacks. Researchers designed a new “zero trust” architecture specifically for use in electric vehicles.

The zero-trust principle is based on the assumption that if an attacker wants to breach your firewall, they likely will, and you cannot stop them. To achieve zero trust, every digital asset must therefore confirm its identity and network membership at the root level before executing a command. In this context, the vehicle itself acts as the network.

The system can also monitor its integrity, detecting any anomalies and illegal communication packets in real-time in case an attacker gains access to the vehicle. Although modern cars currently lack zero-trust architecture, the development by SwRI engineers could be a good start for its widespread adoption.
