DeepSec 2024 Talk: V2GEvil: Ghost in the Wires – Pavel Khunt & Thomas Sermpinis

Sanna / September 26, 2024 / Conference

This research is dedicated to enhancing the cybersecurity of electric vehicles, focusing specifically on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC). This controller facilitates communication with the Supply Equipment Communication Controller during the charging process. It is accessible through the On-Board Charging (OBC) port, which is as publicly available as the gas tank in combustion engine vehicles.

The research journey began by studying the electric vehicle charging ports, how they communicate, and the standards they follow, with a particular focus on ISO 15118. Then, we looked closely at how On-Board Charging (OBC) works, especially its communication protocols during charging, concentrating on the High-Level Communication (HLC).

Our research efforts resulted in the development of a dedicated security tool. This tool examines and assesses the implementation of the EVCC (Electric Vehicle Communication Controller). It can simulate the behaviour of the SECC (Supply Equipment Communication Controller) during charging and includes extra features to simplify enumerating and fuzzing the EVCC during charging operations.

In this talk, we’ll explore the world of electric vehicle cybersecurity, focusing on charging communication, vulnerabilities in EVCC implementation, and the development of a dedicated security tool. We’ll discuss charging standards, communication protocols, and real-world scenarios to understand the evolving landscape of electric mobility cybersecurity. Additionally, we’ll showcase and discuss the hardware required for connecting to the vehicle charging port.

We asked Pavel and Thomas a few more questions about their talk.

Please tell us the top 5 facts about your talk.

  1. Focus on EV Cybersecurity: The talk addresses the cybersecurity of electric vehicles, particularly the vulnerabilities in the Electric Vehicle Communication Controller (EVCC).
  2. Dedicated Security Tool: We developed a tool that simulates the behavior of the Supply Equipment Communication Controller (SECC) and aids in testing and fuzzing the EVCC.
  3. ISO 15118 Standard: The research delves into the ISO 15118 standard, crucial for the communication protocols used during electric vehicle charging.
  4. Hands-on Hardware Insights: The talk includes a discussion on the hardware necessary to connect and test electric vehicle charging ports.
  5. Real-World Scenarios: Practical examples and real-world scenarios were used to illustrate the vulnerabilities and potential threats in EV charging communications.

How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?

The idea sparked during my master’s research, where I focused on electric vehicle communication protocols, especially around charging. I noticed a gap in the security measures of these systems, specifically in the EVCC, which led me to explore this area further. Thomas, my supervisor, encouraged me to dive deeper, ultimately leading to the development of a dedicated security tool and this talk.

Why do you think this is an important topic?

As electric vehicles become more prevalent, the need for robust cybersecurity in their communication systems is paramount. Vulnerabilities in the EVCC might lead to severe security breaches, affecting both the vehicle and the charging infrastructure. Addressing these issues now is crucial for the safe and secure adoption of electric mobility.

Is there something you want everybody to know – some good advice for our readers, maybe?

Always stay curious and question existing standards, especially in emerging technologies like electric vehicles. Continuous learning and collaboration in the cybersecurity community are key to staying ahead of malicious actors.

A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to your field of expertise / the topic of your talk in particular?

In the future, we predict we’ll see more sophisticated attacks targeting electric vehicle infrastructure, especially as these systems become more interconnected.

Additionally, we plan to evolve our tool by adding new modules that cover emerging attack vectors in the charging communication process. We’ll also implement a module for testing the Electric Vehicle Supply Equipment (EVSE), not just the EV itself.

 

Pavel Khunt is a Cyber Security Researcher and Penetration Tester at Auxilium Pentest Labs. With a background in engineering, Pavel graduated from FIT CTU, where his master’s thesis focused on V2G (Vehicle-to-Grid) communication during the charging of Electric Vehicles (EVs). He is passionate about ensuring the safety and security of automotive technologies.

Thomas Sermpinis (a.k.a. Cr0wTom) is the Technical Director of Auxilium Cyber Security and an independent security researcher whose main topics of interest are the automotive, industrial control, embedded device and cryptography sectors. During his research, he has published several academic papers, 0days and tools with the ultimate goal of making the world a safer place, and has also helped almost 100 OEMs and Tier 1 automotive suppliers to achieve better security and develop more secure products.

 
