Uncovering Security Flaws in DC Chargers for Electric Vehicles
2025-01-8118
To be published on 04/01/2025
- Content
- The added connectivity and transmission of personal and payment information in electric vehicle (EV) charging technology creates larger attack surfaces and incentives for malicious hackers to act. As EV charging stations are a major and direct user interface in the charging infrastructure, ensuring the cybersecurity of the personal and private data transmitted to and from chargers is a key component of overall security. Researchers at Southwest Research Institute® (SwRI®) evaluated the security of direct current fast charging (DCFC) EV supply equipment (EVSE). Identified vulnerabilities included values such as the MAC addresses of both the EV and EVSE, either sent in plaintext or encrypted with a known algorithm. These values allowed for reprogramming of the non-volatile memory of power-line communication (PLC) devices as well as the EV’s parameter information block (PIB). Discovering these values allowed the researchers to access the IPv6 layer on the connection between the EV and EVSE and use traditional Ethernet penetration testing methods, including port and vulnerability scanning. Port scanning exposed open SSH and HTTP services, the latter of which was vulnerable and allowed unauthenticated retrieval of proprietary information. The ports should be secured, or closed if unneeded, to prevent this type of vulnerability.
- Citation
- Kozan, K., "Uncovering Security Flaws in DC Chargers for Electric Vehicles," SAE Technical Paper 2025-01-8118, 2025.