Network keys and addresses accessed in EV fast-charge ‘cyber attacks’

Electric vehicles using rapid charge equipment are vulnerable to hackers, with information accessed through digital back doors. 

Engineers at the Southwest Research Institute [SwRI] tested direct current fast charging equipment, currently the most common and quickest way to refuel an electric vehicle [EV]. The technology relies on power line communication [PLC] to transmit smart-grid data between vehicles and charging equipment, which is where issues were identified. 

According to results from the laboratory trials, the PLC layer is vulnerable to exploitation, opening up network keys and digital addresses for both the charging equipment and vehicles. By developing an adversary-in-the-middle [AitM] device running specialised software, and a modified combined charging system interface, the team was able to ‘eavesdrop’ on traffic between car and charge point, identifying a network membership key which allows devices to join and monitor all traffic. 

‘Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,’ said Katherine Kozan, an engineer who led the project for SwRI’s High Reliability Systems Department. 

‘Adding encryption to the network membership key would be an important first step in securing the V2G charging process,’ added FJ Olugbodi, an SwRI engineer who contributed to the project. ‘With network access granted by unsecure direct access keys, the nonvolatile memory regions on PLC-enabled devices could be easily retrieved and reprogrammed. This opens the door to destructive attacks such as firmware corruption.’

Encrypting embedding systems is far from a simple solution, though, with authentication  layers potentially becoming safety hazards, while decryption failures could interrupt vehicle functionality and performance. The SwRI team believe they have developed a zero-trust architecture solution to address these problems, connecting several embedded systems through a single cybersecurity protocol. 

‘Automotive cybersecurity poses many layers of complexity, but we are excited about these new techniques to identify and address vulnerabilities,’ said Cameron Mott, an SwRI manager leading SwRI’s automotive cybersecurity research. Moving forward, the team will begin testing the zero-trust system on PLC and other network layers. 

Last week, we reported on research by the Alan Turing Institute which exposed the vulnerabilities of offshore wind farms to cyber attacks. 

Image: SwRI