Cars, Hackers & Cyber Security

Automotive cybersecurity is becoming increasingly important as electric vehicles face new vulnerabilities. In this episode, we explore a major flaw discovered in the EVerest open-source charging firmware, which could allow attackers to take control of charging stations and potentially compromise vehicles themselves. This vulnerability serves as a stark reminder of the importance of securing EV charging systems as part of the broader electric vehicle infrastructure.

As electric vehicles become more integrated with smart grids and other technologies, their cybersecurity risks grow. Vulnerabilities like this one could have serious implications not only for individual vehicles but also for entire charging networks and infrastructure. We discuss the technical details of the vulnerability, how it could be exploited, and what steps need to be taken to secure these systems.

This episode offers essential information for anyone in the EV manufacturing space, as well as those interested in the cutting-edge developments of automotive cyber defense. Don’t miss this important conversation on protecting electric vehicles and the charging systems that power them from the next generation of cyber threats.

Chapters:
(00:00) Introduction to Critical Vulnerability in EVerest Open-Source EV Charging
(02:03) EV Charging Vulnerability Description
(03:35) What makes this vulnerability unique?
(04:15) Sample public charging station attack scenarios
(05:05) Why EVs May Also Be at Risk from This Vulnerability
(06:20) Important Takeaway for EV Manufacturers
(07:25) Proactive Steps for EV Security
(08:02) Outro for the PlaxidityX Automotive Cybersecurity Podcast

Contact us:
https://www.linkedin.com/company/plaxidityx/
https://www.youtube.com/@PlaxidityX
contact@plaxidityx.com 

What is Cars, Hackers & Cyber Security?

As cars become smarter and more connected, the demand for top-tier automotive cyber security has never been higher. With expert insights from PlaxidityX, a leading automotive cyber security company, we’ll guide you through the challenges and solutions protecting millions of vehicles worldwide. Whether you’re an industry expert or just curious about how cars are secured in the digital age, this podcast comprehensively looks at how cyber defenses are developed, tested, and deployed.

We don’t just talk about the technology; we talk about what it means for you—the driver, the manufacturer, the tech enthusiast. We explore how automotive cyber security solutions are applied in real-world scenarios to safeguard everything from onboard infotainment systems to critical vehicle control units.

Tune in to gain a deeper understanding of how manufacturers are staying one step ahead of hackers and ensuring a more secure, connected world.

00:00:00:12 - 00:00:03:15

Welcome to Cars, Hackers and Cybersecurity.

00:00:04:04 - 00:00:07:04

Here we break down the latest in automotive cybersecurity,

00:00:07:04 - 00:00:10:19

helping you stay ahead in building secure connected vehicles.

00:00:12:20 - 00:00:37:17

Hi. Today, we're discussing a critical EV charging security flaw that could let attackers bypass payment systems and access vehicle controls. Today's vehicles have become more connected and software-driven, exposing them to cyber risks. Electric vehicles, or EVs, are no different in this respect. However, what makes EVs particularly susceptible to cyber threats is that they are not standalone entities.

00:00:37:19 - 00:01:00:18

Electric vehicles are part of a larger, interconnected ecosystem that includes charging stations, smart grids, and other vehicles. A security flaw in one of these components could conceivably put the other components at risk. For example, the communications between EVs and charging stations could be compromised by bad actors who tamper with charging stations,

00:01:00:18 - 00:01:13:23

putting the vehicle at risk. In light of these threats, the PlaxidityX Research Group has been conducting in-depth research on EV charging protocols in the communication between the EV and the charging station.

00:01:14:00 - 00:01:24:06

Our goal was to explore and understand known and previously undisclosed ways that an EV or a charging station could be attacked via the charging interface.

00:01:24:06 - 00:01:26:11

We will describe a critical vulnerability

00:01:26:12 - 00:01:34:10

in an open source framework discovered by our researchers, which could potentially allow an attacker to compromise and take control of a charging station.

00:01:34:10 - 00:01:41:10

The vulnerability had already been responsibly disclosed to the project's maintainers and the issue was fixed.

00:01:41:12 - 00:02:14:19

We believe the discovery of this vulnerability is also relevant for EV manufacturers, as these protocols are used for bidirectional communication. They also must be implemented in the EV. Therefore, while hypothetical, it is reasonable to assume that the same vulnerability could be used to compromise the ECU responsible for EV charging inside the vehicle. Vulnerability description. The critical vulnerability was discovered in the EVerest project, which is an open source modular framework for setting up a full stack environment for EV charging.

00:02:14:21 - 00:02:40:09

The EVerest project was initiated by PIONIX GmbH to help with the electrification of the mobility sector, and is an official project of the Linux Foundation Energy. This large open source project aims to eventually become the standard communication stack for public charging stations. Our team discovered an integer overflow in the V2G Transport Protocol (V2GTP)

00:02:40:14 - 00:02:43:11

implementation of the EvseV2G module

00:02:43:11 - 00:02:45:11

of the EVerest framework.

00:02:45:13 - 00:02:55:18

This vulnerability leads to a heap overflow, and allows an attacker to run arbitrary code on the Linux process, which can lead to bypassing the payment gate for charging,

00:02:55:18 - 00:03:02:07

compromise private keys stored in the charging station, also referred to as electric vehicle supply equipment,

00:03:02:07 - 00:03:16:13

and communicate with the vendor's back end using Open Charge Point Protocol by impersonating the compromised but trusted charging station. This vulnerability has been discovered while testing the EVerest implementation with PlaxidityX

00:03:16:13 - 00:03:33:11

Security AutoTester, a tool designed to fuzz and detect security issues and vulnerabilities in automotive protocols, including V2G. PlaxidityX discreetly disclosed the vulnerability to the maintainers of the EVerest project, who worked quickly to fix the issue and release

00:03:33:11 - 00:03:34:16

a patch version.

00:03:35:00 - 00:04:08:04

What makes this vulnerability unique? Until now, most security research in cybersecurity of EVs was focused on external communication protocols being used to access the charging station. For example, Wi-Fi, Bluetooth, NFC, etc. In this case, the vulnerability is in the charging interface rather than the typical communication interfaces. Our research around this vulnerability analyzes the direct communication between the EV and the charging station, an area that has yet to get much attention by the security community.

00:04:08:06 - 00:04:35:14

In particular, we wanted to understand how an EV could possibly be used to attack a charging station, and vice versa. Sample attack scenarios. To exploit this vulnerability, the attacker would need access to the public charging station. The most common way to gain access to the charging station software is through a physical connection. The attacker can take a regular charging cable, plug one end into the charging station, and the other end,

00:04:35:16 - 00:04:48:07

after making some simple modifications, to a PLC modem connected to a laptop, and then exploit the vulnerability to gain control of the charging station. Note that high level communication between the EV and the EVSE

00:04:48:07 - 00:05:05:22

is usually present in public charging stations. These stations can be located in remote areas, often without onsite staff and adequate physical security. In such scenarios, an attacker with the right tools could compromise a charging station without being noticed.

00:05:05:22 - 00:05:17:09

Why EVs may also be at risk from this vulnerability. As mentioned, the vulnerability we discovered relates to an error in the implementation of a communication protocol in a charging station.

00:05:17:09 - 00:05:19:20

The ISO 15118-2

00:05:19:20 - 00:05:37:07

and DIN SPEC 70121 standard defines the communication between the EV and the charging station. However, implementing this standard is both complex and prone to errors. At the end of the day, these errors could lead to bugs, which in turn could lead to security vulnerabilities.

00:05:37:09 - 00:06:01:20

What's important to note here is that this same standard is also implemented in the Electric Vehicle Communication Controller, or EVCC, in the vehicle. In EVs, the EVCC is responsible for handling the communication with the charging station. Thus, it's reasonable to assume that the same vulnerability we found in the charging station software could also be found in the EVCC itself, due to a faulty implementation.

00:06:01:22 - 00:06:27:06

In such a scenario, an attacker could exploit this vulnerability in the ECU to compromise the ECU and get a foothold inside the vehicle network. In extreme cases, this could give the attacker internal access to the CAN bus and potentially jeopardize the security of safety-critical vehicle components. Important takeaway for EV manufacturers. Our research shows that, like many other communication protocols,

00:06:27:06 - 00:06:31:06

implementing the ISO 15118-2 standard

00:06:31:06 - 00:06:34:05

is prone to programming errors and bugs.

00:06:34:07 - 00:06:58:23

It is the responsibility of each EV manufacturer to take into account a wide variety of edge cases. There's no cookie-cutter solution, and getting the implementation right takes a lot of work. The vulnerability we found illustrates the difficulty of getting it right. Although EVerest is a huge open source project maintained by lots of developers, we identified a critical vulnerability due to faulty implementation.

00:06:59:00 - 00:07:19:13

If this error managed to escape the eyes of numerous developers, it's reasonable to assume that a proprietary implementation developed in-house by an EV manufacturer could do the same. The bottom line is that EV manufacturers must be mindful of the complexity and potential security risks when it comes to implementing charging communication protocols in their vehicles.

00:07:19:13 - 00:07:21:14

Open source or otherwise.

00:07:21:16 - 00:07:25:09

We've seen here what an error in the implementation could lead to.

00:07:26:03 - 00:08:02:15

Proactive steps for EV security. PlaxidityX has extensive experience working with leading global OEMs and tier one suppliers in dozens of production projects to strengthen their product security posture and help them comply with new automotive cybersecurity regulations. Our consultancy research group provides vehicle and ECU manufacturers with a comprehensive set of automotive cybersecurity services, including automotive penetration testing, TARA and cyber security architecture design, and UN R155 and ISO/SAE 21434 cybersecurity compliance.

00:08:04:07 - 00:08:10:05

That's all for today's episode. Keep your engines running smooth and your cyber defenses sharp.

00:08:10:05 - 00:08:14:18

Stay connected by subscribing and visiting plaxidityx.com.

00:08:14:18 - 00:08:18:18

Until next time, stay safe on the road and in the cloud.