Electric Vehicle DC charging tripped by a wireless hack

No EVs were damaged in the making of this report


Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging.

The Combined Charging System (CCS) is one of the plethora of standards in the EV charging world, and allows DC fast charging.

Different plug types are used for the US and EU regions (dubbed Combo 1 and 2 respectively) but both use the same underlying technology. As well as taking in all that lovely charge, the EV and the Electric Vehicle Supply Equipment (EVSE) swap messages concerning how charged things are, the maximum possible current and so on. The link used for the communication is provided by the HomePlug Green PHY (HPGP) power-line communication (PLC) technology.

The researchers created a lab testbed that consisted of the same HPGP modems used in most EVs and charging stations at the victim end, and a software defined radio replete with a 1W RF amplifier on an antenna the team made themselves (with which to carry out the attack).

They also took the kit out into the real world and tried it in test sites on seven vehicles from different manufacturers and 18 DC high-power chargers.

The results make for grim reading. The off-the-shelf gear managed to abort the charging process from up to 10 meters away from the target with a power budget of 10mW. The closer one got, the less power was needed to cause a 100 percent packet loss. When outside the lab, the team stuck to a maximum output power of 1W to avoid breaking any national transmission regulations.

Before EV vehicle owners panic about their beloved trundle-wagons being targeted in this way, the attack only interrupts the charging (a victim would need to simply disconnect and reconnect their vehicle.) Researchers found no evidence of any long-term damage caused by the attack. They also reckoned that home AC chargers (which use a different communication standard) were also unlikely to be affected, although cautioned that things could change as home chargers received ISO 15118 support.

However, an unexpectedly uncharged battery could be more than an inconvenience for some users (such as the emergency services) and the wireless nature of the attack makes it stealthier than simply hitting the off button or snipping a cable.

The research is a reminder of the ever-widening attack surface afforded by smart vehicles, not just through the onboard chippery, but also via the connection used to charge the growing fleet of EVs in the world. The team has made a preprint of its paper available here [PDF], with parts redacted for the sake of responsible disclosure. ®

Similar topics

Broader topics


Other stories you might like

  • Will this be one of the world's first RISC-V laptops?
    A sneak peek at a notebook that could be revealed this year

    Pic As Apple and Qualcomm push for more Arm adoption in the notebook space, we have come across a photo of what could become one of the world's first laptops to use the open-source RISC-V instruction set architecture.

    In an interview with The Register, Calista Redmond, CEO of RISC-V International, signaled we will see a RISC-V laptop revealed sometime this year as the ISA's governing body works to garner more financial and development support from large companies.

    It turns out Philipp Tomsich, chair of RISC-V International's software committee, dangled a photo of what could likely be the laptop in question earlier this month in front of RISC-V Week attendees in Paris.

    Continue reading
  • Did ID.me hoodwink Americans with IRS facial-recognition tech, senators ask
    Biz tells us: Won't someone please think of the ... fraud we've stopped

    Democrat senators want the FTC to investigate "evidence of deceptive statements" made by ID.me regarding the facial-recognition technology it controversially built for Uncle Sam.

    ID.me made headlines this year when the IRS said US taxpayers would have to enroll in the startup's facial-recognition system to access their tax records in the future. After a public backlash, the IRS reconsidered its plans, and said taxpayers could choose non-biometric methods to verify their identity with the agency online.

    Just before the IRS controversy, ID.me said it uses one-to-one face comparisons. "Our one-to-one face match is comparable to taking a selfie to unlock a smartphone. ID.me does not use one-to-many facial recognition, which is more complex and problematic. Further, privacy is core to our mission and we do not sell the personal information of our users," it said in January.

    Continue reading
  • Meet Wizard Spider, the multimillion-dollar gang behind Conti, Ryuk malware
    Russia-linked crime-as-a-service crew is rich, professional – and investing in R&D

    Analysis Wizard Spider, the Russia-linked crew behind high-profile malware Conti, Ryuk and Trickbot, has grown over the past five years into a multimillion-dollar organization that has built a corporate-like operating model, a year-long study has found.

    In a technical report this week, the folks at Prodaft, which has been tracking the cybercrime gang since 2021, outlined its own findings on Wizard Spider, supplemented by info that leaked about the Conti operation in February after the crooks publicly sided with Russia during the illegal invasion of Ukraine.

    What Prodaft found was a gang sitting on assets worth hundreds of millions of dollars funneled from multiple sophisticated malware variants. Wizard Spider, we're told, runs as a business with a complex network of subgroups and teams that target specific types of software, and has associations with other well-known miscreants, including those behind REvil and Qbot (also known as Qakbot or Pinkslipbot).

    Continue reading

Biting the hand that feeds IT © 1998–2022