Engineers at the US-based Southwest Research Institute (SwRI), located in Texas, discovered a vulnerability in fast charging stations for electric vehicles that allows hackers to gain unauthorized access and potentially modify the built-in software.
Power line communication (PLC) uses existing electrical cables to transfer data. The method has been in existence for over a century, with its inception in 1922. It enables the transfer of voice, video, and Internet traffic through electrical wiring.
Currently, there are approximately 40 million electric vehicles worldwide, with around 86% of owners charging their cars at home and 59% using public charging stations on a weekly basis. In the United States, there are roughly 10,000 direct current fast charging (DCFC) stations, which pose potential vulnerabilities for car owners.
Level 3 charging stations use the IPv6 protocol to communicate with vehicles, to monitor them, and to collect data related to vehicle charging and the vehicle identification number. Engineers at Southwest Research Institute uncovered a vulnerability in the PLC layer that granted them access to the network key and the digital addresses of both the charging stations and the connected vehicles, by means of specialized adversary-in-the-middle (AitM) attacks.
“Our tests demonstrated that the PLC layer lacked proper protection and encryption between the vehicle and charging stations,” said Katherine Kozan, a lead engineer at SwRI.
Earlier, in 2020, researchers at the same institute manipulated the J1772 charging system to simulate a malicious attack, sending signals to simulate recharging, alter the rate of current flow, and even block the charging process completely.
The vulnerability in Level 3 chargers could potentially allow hackers to embed malicious code into the car’s firmware, altering or disabling its functions, as well as providing remote control access to the vehicle through the Internet.
An example of such an attack occurred in 2015, when Missouri hackers took control of a Jeep Cherokee, manipulating its movement and deactivating the brakes by exploiting a vulnerability in the built-in multimedia system.
“Network access through insecure keys allows for easy extraction and reprogramming of devices with PLC, opening doors for destructive