"EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft"
Security researchers at SaiFlow warn that many electric vehicle (EV) charging management systems are affected by vulnerabilities that could allow hackers to cause disruption, steal energy, or obtain driver information. The security holes are related to the communications between the charging system management service (CSMS) and the EV charge point (CP), specifically the use of the Open Charge Point Protocol (OCPP). The flaws have been confirmed to impact the CSMS offered by multiple vendors.
The researchers stated that the problem is related to the use of WebSocket communications by the OCPP and how it mishandles multiple connections. The protocol does not know how to handle more than one CP connection at a time, and attackers could abuse this by opening a new connection to the CSMS. The researchers noted that another issue is related to what they describe as “weak OCPP authentication and chargers identities policy.” By opening a new connection to the CSMS on behalf of a charge point, the attacker causes the original connection to be closed or to become nonfunctional.
According to the researchers, an attacker can exploit the weaknesses to launch a distributed denial-of-service (DDoS) attack that disrupts the electric vehicle supply equipment (EVSE) network. In addition, if an attacker can connect to the CSMS, they may be able to obtain drivers’ personal information, including payment card data, as well as other sensitive data, such as server credentials. The researchers noted that in certain configurations, if the charger approves unknown driver identities, an attacker may be able to charge their vehicle without paying for it.
The researchers stated that since the CSMS platforms are publicly accessible, it is possible for an attacker to hijack the connection remotely without needing to gain credentials or access, or to perform MITM attacks. The researchers believe it may be possible for a somewhat inexperienced hacker to carry out an attack, even with limited resources.
The researchers noted that it doesn’t seem like the vulnerabilities can be easily patched by vendors. They have alerted many key players in the industry of their findings and how they can approach a solution.
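The behaviour summarized above, where a second connection opened under a charge point's identity displaces the original, leaves a recognizable trace in CSMS connection records. The following detection sketch is an added example, not code from SaiFlow or from any CSMS vendor; the event layout, charge point IDs and addresses are constructed assumptions.

```python
from dataclasses import dataclass

# Constructed sample events: (time_s, event, charge_point_id, source_ip).
# The field layout is an assumption, not a real CSMS log format.
SAMPLE_EVENTS = [
    (0,   "open",  "CP-001", "198.51.100.10"),
    (5,   "open",  "CP-002", "198.51.100.11"),
    (60,  "open",  "CP-001", "203.0.113.77"),   # second session, original still open
    (61,  "close", "CP-001", "198.51.100.10"),  # original dropped right after
    (120, "close", "CP-002", "198.51.100.11"),
    (130, "open",  "CP-002", "198.51.100.11"),  # normal reconnect after a close
]


@dataclass
class Alert:
    time_s: int
    charge_point_id: str
    existing_ip: str
    new_ip: str
    displaced: bool = False  # True if the original session closed soon after


def find_duplicate_sessions(events, displace_window_s=10):
    """Flag an 'open' for a charge point identity that already has a live session."""
    live = {}    # charge_point_id -> set of source IPs with an open session
    alerts = []
    for time_s, event, cp_id, ip in sorted(events):
        sessions = live.setdefault(cp_id, set())
        if event == "open":
            for existing_ip in sorted(sessions):
                alerts.append(Alert(time_s, cp_id, existing_ip, ip))
            sessions.add(ip)
        elif event == "close":
            sessions.discard(ip)
            # Mark alerts where the earlier session ended shortly after the new one began.
            for a in alerts:
                if (a.charge_point_id == cp_id and a.existing_ip == ip
                        and 0 <= time_s - a.time_s <= displace_window_s):
                    a.displaced = True
    return alerts


if __name__ == "__main__":
    for alert in find_duplicate_sessions(SAMPLE_EVENTS):
        print(alert)
```

An alert with `displaced` set matches the pattern in the summary: the original connection is closed shortly after the new one appears. A reconnect that follows a clean close, as for CP-002 in the sample, is not flagged.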
SecurityWeek reports: "EV Charging Management System Vulnerabilities Allow Disruption, Energy Theft"