Exploits & Vulnerabilities
Hacking vulnerabilities of Electric Vehicle Charging
A group of engineers from the Southwest Research Institute spearheaded a attack on an EV’s charging process. The team performed manipulations to see if the EV’s charging system is hackable as part of an automated cybersecurity research initiative.
A group of engineers from the Southwest Research Institute (SwRI) spearheaded a malicious attack on an EV's charging process. The team performed three manipulations to see if the EV's charging system is hackable as part of an automated cybersecurity research initiative. During the exercise, they were able to expose the charging process's vulnerabilities, which resulted in the EV not being able to charge properly.
The SwRI team was able to reverse-engineer the signals and circuits on an EV and a J1772 charger, which is the most common interface used for managing EV charging in North America. The engineers were successful in disrupting vehicle charging with a spoofing device developed in a laboratory with low-cost hardware and software.
Hacking an EV in three steps
The experts executed three manipulations limiting the rate of charging, blocking battery charging and overcharging. Then, a SwRI-developed man-in-the-middle (MITM) device was used to spoof signals between charger and EV. To replicate J1772 charging rates, the engineers also drained the battery and generated signals.
During the overcharging test, the vehicle's management system detected a high power level which prompted in to stop charging. Secondly, the MITM device was able to reduce the allowed charge to only 6amps, significantly reducing the EV's charging capability. The engineers were also able to stop the EV from charging by using a proximity detection signal.
According to Dodson, the project effectively tricked the test EV into believing it was fully charged and barred it from taking a full charge.
The research only focused on J1772 Level 2 chargers. However, the research institute has already started evaluating future testing of Level 3 chargers and penetration of other devices utilized on fleet vehicles and scooters. of Level 3 chargers and penetration of other devices utilized on fleet vehicles and scooters.
Growing demands call for increased EV cybersecurity
According to a report by the International Energy Agency (IEA), electric car sales in 2019 were at 2.1 million worldwide, surpassing 2018, which was already a record year. The electric market share in 2019 also reached a new record of 2.6%, jumping from 2.4& in 2018 and 1% in 2018.
IEA said the market share of EVs is posed to jump 30% by 2030. With this growing demand, the cybersecurity-related issues of charging infrastructure will also be increasingly significant.
Identifying connected-car related vulnerabilities and potentials threats are important to make these vehicles more secured, especially now that more and more people are relying on connected cars for safety and accessibilities.
To learn more about TrendMicro's contribution to finding related vulnerabilities and potential threats, check out our research and insights: