
New Video from @DEFCONConference Discusses Security of EV Charging Stations
The video features a discussion of the security of electric vehicle (EV) charging stations, focusing on the communication modems used in these devices. The speakers, Marcel, a doctoral student at the University of Oxford, and Jan Berens, a red teamer at Alpitronic, present their research and findings on the vulnerabilities of these systems.
Marcel begins by describing his research on the security of EV charging stations and stresses the importance of understanding the communication protocols involved. Jan Berens adds the practical perspective of a security professional working for one of the world's largest charging station manufacturers. Both speakers warn about the dangers of manipulating these systems: charging stations operate at high power levels, which are extremely dangerous if mishandled.
The discussion covers three charging connector standards commonly used in North America and Europe: CCS, CCS2, and NACS. The speakers explain that communication between the vehicle and the charging station starts with the pilot signal, continues over power line communication (PLC), and finally moves to an IPv6 network configuration. To test charging stations under real-world conditions, they built an EV emulator that, for safety reasons, connects only to the data pins.
One key finding is that charging stations mainly use two communication chips, the QCA7000 and QCA7005, often running firmware dating from 2013 or 2015. This is a serious security problem because known vulnerabilities remain unpatched, among them the "Brokenwire" attack, which wirelessly disrupts the charging communication. Although that vulnerability was disclosed in 2022, the researchers found no charging station that had received a firmware update addressing it.
The speakers then describe how they found a vulnerability they call the "PIB buster" attack, which lets a malicious vehicle reconfigure a charging station over the charging cable. The attack abuses a specific setting in the modem's parameter information block (PIB), which can be modified to render the charging station unusable. They tested the attack on a range of devices and found that it worked in many cases, raising significant concerns for the security of EV charging infrastructure.
The video also covers the technical details of PLC communication, comparing the modems used in charging stations with those used in home networks. Using open-source tools to analyze and manipulate the modem configurations, the researchers found that the modems can be reconfigured remotely, which poses significant risks.
To show the extent of the vulnerabilities, the speakers demonstrate that the modem configurations can be read and modified remotely even when security measures are in place. They explain that the modems ship with default configurations that can be abused to bypass protections, allowing an attack to persist until the device is restarted.
The video ends with a striking demonstration in which the researchers run the game Doom on a charging station modem, showing that they can execute arbitrary code on these devices. They close by underlining the security challenges facing EV charging stations and the importance of finding solutions to protect this critical infrastructure.
For more details, watch the full video at the following address: https://www.youtube.com/watch?v=SQz4nySj4hg

TAGS: Cybersecurity, Vulnerabilities, ElectricVehicles, CommunicationProtocols