Two new safety weaknesses found in a number of electrical automobile (EV) charging methods may very well be exploited to remotely shut down charging stations and even expose them to knowledge and power theft.
The findings, which come from Israel-based SaiFlow, as soon as once more reveal the potential dangers dealing with the EV charging infrastructure.
The points have been recognized in model 1.6J of the Open Charge Point Protocol (OCPP) normal that makes use of WebSockets for communication between EV charging stations and the Charging Station Management System (CSMS) suppliers. The present model of OCPP is 2.0.1.
“The OCPP normal would not outline how a CSMS ought to settle for new connections from a cost level when there’s already an energetic connection,” SaiFlow researchers Lionel Richard Saposnik and Doron Porat mentioned.
“The lack of a transparent guideline for a number of energetic connections might be exploited by attackers to disrupt and hijack the connection between the cost level and the CSMS.”
This additionally signifies that a cyber attacker might spoof a connection from a sound charger to its CSMS supplier when it is already related, successfully resulting in both of the 2 eventualities:
- A denial-of-service (DoS) situation that arises when the CSMS supplier closes the unique the WebSocket connection when a brand new connection is established
- Information theft that stems from conserving the 2 connections alive however returning responses to the “new” rogue connection, allowing the adversary to entry the motive force’s private knowledge, bank card particulars, and CSMS credentials.
The forging is made attainable owing to the truth that CSMS suppliers are configured to solely depend on the charging level identification for authentication.
“Combining the mishandling of latest connections with the weak OCPP authentication and chargers identities coverage might result in an unlimited Distributed DoS (DDoS) assault on the [Electric Vehicle Supply Equipment] community,” the researchers mentioned.
OCPP 2.0.1 remediates the weak authentication coverage by requiring charging level credentials, thereby closing out the loophole. That mentioned, mitigations for when there are a couple of connection from a single charging level ought to necessitate validating the connections by sending a ping or a heartbeat request, SaiFlow famous.
“If one of many connections just isn’t responsive, the CSMS ought to remove it,” the researchers defined. “If each connections are responsive, the operator ought to be capable of remove the malicious connection instantly or by way of a CSMS-integrated cybersecurity module.”