Two new security flaws have been found in multiple electric vehicle (EV) charging systems that could be exploited to remotely shut down charging stations and potentially expose them to energy and data theft. The findings, from the Israeli company SaiFlow, once again highlight the risks facing EV charging infrastructure.
The problems lie in version 1.6J of the Open Charge Point Protocol (OCPP), which uses JSON over WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) providers that operate them. OCPP is currently at version 2.0.1.
“The OCPP standard doesn’t define how a CSMS should accept new connections from a charge point when there is already an active connection,” said the SaiFlow researchers Doron Porat and Lionel Richard Saposnik. “The lack of a clear guideline for multiple active connections can be exploited by attackers to disrupt and hijack the connection between the charge point and the CSMS.”
In practice, this means an attacker can impersonate a legitimate charger and open a second connection to its CSMS provider while the charger's own connection is still established, leading to one of two outcomes:
- A denial-of-service (DoS) condition, if the CSMS provider closes the original WebSocket connection when the new one is established, cutting off the real charger.
- Information theft, if the CSMS keeps both connections open but sends its replies to the "new" rogue connection, giving the adversary access to drivers' personal information, credit card data and CSMS credentials.
The impersonation is feasible because CSMS providers are configured to authenticate a charging point using nothing more than its identity. According to the researchers, the mishandling of new connections, combined with the weak OCPP authentication and charging identity policy, could be used to mount a large-scale distributed DoS (DDoS) attack against the Electric Vehicle Supply Equipment (EVSE) network.
OCPP 2.0.1 addresses the issue by requiring charging point credentials and fixing the weak authentication policy. SaiFlow also emphasized a mitigation for the case where several connections arrive for a single charging point identity: the CSMS should verify each connection by sending a ping or heartbeat request and drop any connection that does not respond. If both connections respond, the operator should be able to terminate the malicious one, either directly or through a cybersecurity module integrated with the CSMS.