From Charging to Hijacking: The Autel MaxiCharger Vulnerability
The transition to electric vehicles (EVs) is rapidly gaining momentum, but the recent Pwn2Own Automotive 2024 competition in Tokyo has revealed a concerning vulnerability: EV chargers themselves can be hacked. Researchers from Computest’s Sector 7 team demonstrated how they could remotely gain full control of an Autel MaxiCharger, opening the door to a variety of potential threats.
Bluetooth, Buffer Overflows, and Fraudulent Charges
The Autel MaxiCharger is packed with connectivity features: Wi-Fi, Bluetooth, Ethernet, 4G LTE, an RFID reader, and a touchscreen. Sector 7 showed it to be highly vulnerable by exploiting its Bluetooth functionality. With no prerequisite beyond proximity, the team executed arbitrary code on the charger, bypassing critical security measures.
One vulnerability, assigned CVE-2024-23958, was a Bluetooth authentication bypass: the charger’s authentication mechanisms could be circumvented, allowing an attacker to connect to the device and manipulate it remotely without a password or PIN. Combined with buffer overflow vulnerabilities (CVE-2024-23959 and CVE-2024-23967), it gave attackers complete control over the charger.
One of the most significant challenges the team faced was extracting the device’s firmware to better understand how its software updates were managed via mobile apps and Bluetooth. The download links for the Autel firmware were obfuscated, a measure meant to prevent tampering. However, Sector 7 used a character substitution method to decode these links, which gave them access to the firmware.
With the firmware in hand, the team found a deeply concerning bug in the Bluetooth authentication process: prebuilt code in the firmware could be leveraged to bypass authentication entirely. This meant that any device within range of the charger’s Bluetooth signal could pair with it, with no code required.
The implications were dire. In their demonstration, the researchers illustrated how an attacker could exploit these weaknesses to inject malicious code, gaining the ability to manipulate key settings, adjust charging parameters, or even disable the device completely.
Firmware Updates and Thorough Testing: The Best Defense
Autel responded swiftly to the discovery, releasing patches for the identified vulnerabilities. However, the researchers stressed the importance of regularly updating firmware and conducting thorough security testing for all EV chargers. As the EV ecosystem continues to expand, so too will the potential for cyberattacks. Ensuring the security of EV charging infrastructure is essential to protect both EV owners and the wider energy grid.