Engineers from the Southwest Research Institute (SwRI) have identified a vulnerability in DC fast charging stations that could allow hackers to access electric vehicles and alter their firmware.
The issue lies within Power Line Communication (PLC) technology. This method transfers data via existing power cables, such as electrical outlets. It works by sending a harmonious signal through the power line, which receivers at the other end interpret and extrapolate data contained in that harmonic. This allows the transmission and reception of communications like voice, video, and even daily internet traffic directly through electrical wiring. This technology has been around since 1922.
Today, there are tens of millions (if not hundreds of millions) of electric vehicles on the roads worldwide. About 59% of electric vehicle owners utilize public charging stations on a weekly basis. In the U.S., there are around 10,000 Level 3 DC Fast Charging (DCFC) stations. This represents 10,000 potential targets for hackers and millions of vulnerabilities just in the United States.
Level 3 DC charging stations, which are the quickest way to recharge electric vehicles, utilize PLC based on the IPv6 protocol for communication with the vehicle, enabling them to monitor issues and gather data — from charge status to the vehicle's identification number (VIN).
By exploiting the PLC vulnerability, attackers can gain access to the network key and digital addresses of both the charging stations and the vehicle through an AitM (adversary-in-the-middle) attack, which could mimic both the electric vehicle and the charging equipment.
“During our penetration testing, we discovered that the PLC level is poorly secured and lacks encryption between vehicles and charging stations,” said SwRI.
In 2020, SwRI researchers successfully hacked the J1772 charging system — the most common type of charger in the U.S. — to disrupt the charging process, simulating a malicious attack. They were able to send signals to the vehicle to mimic overcharging, adjust the charging speed, or completely block the charging process.
Attacks on Level 3 DC charging stations provide potential hackers the opportunity to inject code into the vehicle's firmware, altering functionalities or disabling them entirely. This could even enable remote access and control via the vehicle's internet connectivity.
In 2015, there was a hack involving a Jeep when a pair of hackers from Missouri took control of an unmodified Jeep Cherokee. The hackers went so far as to turn off the engine, take control of the steering, and force the vehicle off the highway before shutting down the brakes. All of this was done while monitoring the vehicle’s location via GPS. They achieved such full control remotely, solely through the infotainment system.
“With access to the network granted by unsecured direct access keys, gaining entry to non-volatile memory areas on PLC-enabled devices was easy, allowing them to be reprogrammed. This opens doors for destructive attacks such as firmware corruption,” said SwRI.
Firmware modification of an electric vehicle by a malicious actor could have serious consequences, as it presents nearly limitless possibilities given the heavy reliance of modern electric vehicles on software and internet connectivity. Essentially, these are data centers on wheels. For instance, the brain of the latest Tesla Model S is powered by AMD Ryzen processors and AMD Radeon graphics cards. These are the same components found in home or office desktop computers. The vehicle also contains approximately 63 other processors.
Simply adding encryption to electric vehicle embedded systems could also pose potential dangers. Any decryption or authentication error in part of the data could cause failures in the electric vehicle’s systems. Imagine trying to brake, but your vehicle decides not to, as it failed to receive an authenticated signal from your brake pedal through the ABS module.
In response, SwRI has developed a new "zero trust" architecture that can bypass encryption layers. Zero trust operates on the assumption that if a malicious actor wants to breach a firewall, they likely will succeed and cannot be stopped. However, zero trust would require every asset — whether a laptop, server, or electric vehicle — to confirm its identity and network affiliation at the root level before executing a command. The network is the vehicle itself.
Each component of the architecture must not only authenticate during each boot but also the zero trust system tracks system accuracy and detects anomalies and unlawful communication packets in real-time if a hacker gains access to the vehicle's systems. This could be a solution for the future.
Source: newatlas
Comments (0)
There are no comments for now