November 2024: EV Charging Cybersecurity

When
Wednesday, November 6th, 2024 11:00 AM EST

Who
Maggie Shipman, Research Engineer, Southwest Research Institute (SwRI) Intelligent Systems Division

What
“EV Charging Cybersecurity”

Description
Overview of the EV Charging Ecosystem:

  • Current News: Get an update on EV Charging Cybersecurity literature, government action, and “hacks in the wild.”

  • Crash Course: This presentation will quickly breakdown the EV Charging Ecosystem components, roles, and interactions of all involved in making seamless charging a reality.

  • SwRI Hacks & Research: Let’s dive into FOUR unique hacks performed by Southwest Research Institute engineers! Including…

  • DCFC Hack - July 16, 2024 — Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities with electric vehicles (EVs) using direct current fast-charging systems, the quickest, commonly used way to charge electric vehicles. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment.

    • In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle.

    • “Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” said Katherine Kozan, an engineer who led the project for SwRI’s High-Reliability Systems Department. The team found unsecured key generation present on older chips when testing, which was confirmed through online research to be a known concern.

    • The research is part of SwRI’s ongoing efforts to help the mobility sector and government improve automotive cybersecurity spanning embedded automotive computers and smart-grid infrastructure. It builds upon a 2020 project where SwRI hacked a J1772 charger, disrupting the charging process with a lab-built spoofing device.

    • In the latest project, SwRI explored vehicle-to-grid (V2G) charging technologies governed by ISO 15118 specifications for communications between EVs and electric vehicle supply equipment (EVSE) to support electric power transfer.

  • Level 3 Hack - November 9, 2020 — Engineers at Southwest Research Institute were able to interfere with the charging process of an electric vehicle (EV) by simulating a malicious attack as part of an automotive cybersecurity research initiative.

    • The SwRI team reverse-engineered the signals and circuits on an EV and a J1772 charger, the most common interface for managing EV charging in North America. They successfully disrupted vehicle charging with a spoofing device developed in a laboratory using low-cost hardware and software.

    • “This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade,” said Austin Dodson, the SwRI engineer who led the research.

    • SwRI performed three manipulations: limiting the rate of charging, blocking battery charging, and overcharging. A SwRI-developed “man-in-the-middle” (MITM) device spoofed signals between charger and vehicle. Researchers also drained the battery and generated signals to simulate J1772 charging rates.

    • When overcharging, the vehicle’s battery management system detected a power level that was too high and automatically disconnected from charging. To limit charging, the MITM device requested the smallest charge allowed (6 amps) to dramatically reduce the charging rate. To block battery charging, a proximity detection signal barred charging and displayed the warning: “Not Able to Charge.”

    • “The project effectively tricked the test vehicle into thinking it was fully charged and also blocked it from taking a full charge,” Dodson said. “This type of malicious attack can cause more disruption at scale.”

  • Future Work: SwRI is set to continue to explore this ever-expanding ecosystem. Take a look at what new research their engineers have planned and how you can get more involved in all things EV Charging Cybersecurity!

Previous
Previous

December 2024: 2024 Trends in Critical ICS Exposures

Next
Next

October 2024: Trust for Secure Automotive Systems