Researchers at Black Hat Asia have demonstrated how to circumvent payment workflows used at electric vehicle charging stations. Tencent's Blade Team, the security research group of the Chinese web giant, showed how a hacker using the exploits can change the charging voltage and current, which could damage the connected EV. They presented the hack at the Black Hat Asia conference.
“The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure,” said Tencent Blade Team senior security researcher Wu HuiYu.
HuiYu and fellow Tencent researcher Li YuXiang conducted an attack on five rented smart electric cars of different models using a security test tool called “XCharger.” The tool captures, modifies, replays, and fuzzes the data packets exchanged between the charging station and the electric vehicle. The researchers ran XCharger on a Raspberry Pi, which they inserted between the charging tower and the electric vehicle.
The researchers note that while some vehicle companies use authentication and communication protocols, others rely on the VIN, which is visible in plaintext through a vehicle’s windshield and can be easily stolen.
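A simplified model of the weakness described above, as an added example that is not from the researchers or any vendor: VIN-only authorization accepts anyone who has read the VIN, while a challenge-response with a per-vehicle key rejects replayed and forged replies. The VIN, the key store and all function names are constructed for illustration and do not reflect a real charging protocol.

```python
import hashlib
import hmac
import secrets

# Constructed sample data: a made-up VIN and a per-vehicle key provisioned at
# enrollment (hypothetical back end, not any vendor's real scheme).
ENROLLED = {"TESTVIN0000000001": secrets.token_bytes(32)}
_pending = {}  # VIN -> nonce outstanding for the current session


def authorize_by_vin(vin):
    """Weak: the VIN is a public identifier, so presenting it proves nothing."""
    return vin in ENROLLED


def issue_challenge(vin):
    """Station side: a fresh random nonce for every charging session."""
    _pending[vin] = secrets.token_bytes(16)
    return _pending[vin]


def vehicle_response(key, vin, nonce):
    """Vehicle side: prove possession of the key without transmitting it."""
    return hmac.new(key, nonce + vin.encode(), hashlib.sha256).digest()


def verify_response(vin, response):
    """Station side: each nonce is single use, so a captured reply is useless."""
    nonce = _pending.pop(vin, None)
    key = ENROLLED.get(vin)
    if nonce is None or key is None:
        return False
    expected = vehicle_response(key, vin, nonce)
    return hmac.compare_digest(expected, response)


def demo():
    vin = "TESTVIN0000000001"
    results = {"vin_only": authorize_by_vin(vin)}  # anyone who read the VIN
    nonce = issue_challenge(vin)
    reply = vehicle_response(ENROLLED[vin], vin, nonce)
    results["genuine"] = verify_response(vin, reply)
    issue_challenge(vin)  # next session gets a new nonce
    results["replayed"] = verify_response(vin, reply)
    issue_challenge(vin)
    forged = vehicle_response(secrets.token_bytes(32), vin, _pending[vin])
    results["wrong_key"] = verify_response(vin, forged)
    return results
```

Calling `demo()` returns the outcome of each case: the VIN-only check passes on knowledge of the VIN alone, while the keyed check accepts only the genuine reply to the current nonce.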
On the software side, the Tencent team used CANtools, a tool for observing and interpreting messages sent on the Controller Area Network (CAN bus) that connects devices in cars. Using CANtools, the researchers read messages generated during the charging process and wrote their own messages to bypass authentication and charge the vehicle for free.
Tencent’s Blade Team notified the vendors, and the vulnerabilities have already been patched.
In another car hacking demonstration, Kartheek Lade of Indian security consultancy Amynasec Labs cracked a car and controlled it by sending messages over Telegram. Lade used CANalyse, a tool that analyses log files to find unique data sets, along with a Raspberry Pi, to exploit the vehicle and control its functions.
Lade successfully “bricked” the car (his term) and also warned others not to try the demonstrated exploit without the vendor’s permission.