Summary
-SwRI engineers found cybersecurity vulnerabilities in DC fast charging EVSE
-These vulnerabilities were exploited in the power line communication layer to gain access to network keys and digital addresses
-The team developed an adversary-in-the-middle device for data interception, analysis, and attack
-Unsecure key generation was found on older chips during testing
-SwRI developed a zero-trust architecture to address interruptions in vehicle functionality
Article
Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities in DC fast charging electric vehicle supply equipment (EVSE). In a laboratory setting, the team exploited vulnerabilities in the power line communication (PLC) layer that transmits smart-grid data between vehicles and charging equipment. They were able to gain access to network keys and digital addresses on both the charger and the vehicle. The team developed an adversary-in-the-middle device with specialized software and a modified combined charging system interface to intercept traffic between EVs and EVSE for data collection, analysis, and potential attacks. The team discovered unsecure key generation on older chips, confirming this to be a known concern through online research.
Additionally, the SwRI team has developed a zero-trust architecture that can effectively address interruptions in a vehicle’s functionality or performance. This architecture connects several embedded systems using a single cybersecurity protocol. Through penetration testing, it was revealed that the PLC layer was poorly secured and lacked encryption between vehicles and chargers. Lead Project Engineer Katherine Kozan emphasized the importance of addressing these vulnerabilities to ensure the cybersecurity of EVSE and the vehicles they are charging. By developing solutions like the zero-trust architecture, SwRI aims to enhance the overall cybersecurity of electric vehicle charging infrastructure.
The vulnerabilities identified by the SwRI engineers highlight the importance of addressing cybersecurity concerns in DC fast charging EVSE. The exploitation of weaknesses in the PLC layer demonstrates the potential for unauthorized access and interception of data between vehicles and chargers. With the development of specialized devices and software, the team was able to demonstrate the vulnerabilities present in the current charging infrastructure. This has significant implications for the security of electric vehicles and the need for robust cybersecurity measures to protect against potential attacks or data breaches.
One of the key findings of the SwRI team was the unsecure key generation present on older chips used in the charging infrastructure. This vulnerability was confirmed to be a known issue through external research, raising concerns about the overall security of existing EVSE. By identifying these vulnerabilities and developing solutions such as the zero-trust architecture, SwRI is taking proactive steps to enhance cybersecurity in electric vehicle charging systems. The team’s efforts to address security concerns in the PLC layer and implement stronger encryption protocols are crucial in safeguarding the data and communication between EVs and chargers.
Lead Project Engineer Katherine Kozan emphasized the importance of securing the PLC layer and implementing encryption measures to protect the communication between vehicles and chargers. The vulnerabilities identified by the SwRI team underscore the need for continuous monitoring and improvement of cybersecurity measures in electric vehicle charging infrastructure. By developing specialized tools and protocols to address these vulnerabilities, SwRI is working towards enhancing the overall security of DC fast charging EVSE. With the increasing adoption of electric vehicles, ensuring the cybersecurity of charging infrastructure is essential to safeguarding the integrity and privacy of data exchanged during the charging process.
Read the full article here