Clashing EV Chargers in The Pentesting Arena
How do you use electric vehicle chargers the right way? Charge cars? Too boring! They can do much more than that. Modern on-premises and private EV chargers are computers with Wi-Fi, Bluetooth, RFID, Ethernet, and other communication channels that penetration testers find highly engaging to explore. What about looking behind the curtain and checking how secure they are? Sounds much more interesting, doesn’t it?

The aim of this talk is to present the results of a recent security assessment of three popular models of EV chargers: a detailed analysis of their attack surfaces, the typical vulnerabilities revealed during our research and their potential impact, and finally a set of proposed security measures intended to harden EV charging technologies.

The central focus of the presentation is the methodology the PCAutomotive team used in the assessment of the three chargers. First, I will describe the chargers’ architectures and the common features that expose external attack surfaces, including Bluetooth Low Energy (BLE), web applications, Wi-Fi, and radio-frequency identification (RFID). Next, I will cover the firmware extraction stage, where we successfully extracted the firmware from all three chargers, with varying levels of difficulty, which gave us a deeper understanding of each charger’s inner workings. Building on the identified points of compromise, I will then walk through each attack surface and the vulnerabilities found in each charger, illustrated with screenshots and video recordings, including critical ones with a substantial impact on the overall EV charging infrastructure.
In conclusion, I will offer a set of recommendations that merit careful consideration during the development of EV chargers. Note: As a responsible vulnerability disclosure party, we are communicating all our security findings to the OEMs’ security teams. Because some disclosure processes are still ongoing, we are not naming vendors in the talk. We plan to release whitepapers naming the affected vendors as soon as proper patches are issued and all users have received security updates.
About the Speaker
Abdellah Benotsmane is a junior security researcher at PCAutomotive, boasting more than one year of experience in the field. His primary focus lies in penetration testing and security assessment within the automotive sector. Abdellah’s deep interest in cybersecurity led him to pursue a master’s degree in the subject from ELTE University, where he acquired a comprehensive understanding of the complex challenges faced by the industry. His academic background has equipped him with a solid foundation in cybersecurity principles and methodologies, ultimately facilitating his acquisition of industry-recognized certifications, including EJPT and CCNA. He maintains a commitment to professional development, constantly honing his penetration testing skills through practice, study, and the pursuit of further industry certifications.