DecryptedTech

Friday12 August 2022

New Tactic Could be Used to Impact Charging Stations for Electronic Vehicles


Reading time is around minutes.

Imagine you are standing at a charging station charging your shiny new EV. You smugly look at all the antiquated gas-powered cars as they pay large amounts of money to keep their old, polluting, conveyances functional. Suddenly your charging station just stops working. No reason is given just that you need to try again. You plug it in, and it happens again.

This scenario is one that researchers at the University of Oxford and Armasuisse S+T have discovered as they investigated the Combined Charging System (CSS) to see if there were ways to disrupt it. It turns out due to some core methods of operation there is and it is one that can be put together without a lot of complex knowledge or tools. Due to the sensitive nature of the flaws they discovered, the full details of the method have not been disclosed, but based on what has been released it seems that the system is vulnerable to denial of service attacks from an external source.

When you plug your EV into a charging station there are several things that take place. Your vehicle must send certain information to the station and that information is also forwarded on. The communication between vehicle and charging station takes place over Power-Line Communication. This is a method to send IP packets over the same lines that power is sent. By using the same connection to send the required data as the one used to charge your vehicle, it simplifies the charging system. It also leaves you vulnerable to several disruptive attacks.

Dubbed Brokenwire, the attack relies on electromagnetic interference to disrupt the communication between vehicle and charging station. For anyone that has used a power-line device in the home you already know that fluctuations in your power can have a significant impact on communication and can, at times, completely disrupt them. This is because proper communication relies on consistent power flow over the lines, or you get packet drop and the two endpoints just stop talking. Browkenwire looks to create enough interference in the line to artificially cause this level of interference. This results in the charging station throwing an error and requiring you to initiate the handshake and connection all over again.

According to the research this attack can be performed remotely (up to 151 feet away) using a dipole antenna, a software defined radio, and a small RF amplifier. All these items are available off the shelf and instructions for their general usage can be found online. The power budget for this attack should also be relatively low and could be set up at a site and controlled remotely by an attacker. It could also be set up to go off on a timer to impact high-volume charging times (rush hour etc.). If the broadcast needed to disrupt communication is repeated often enough it could seriously impact functionality.

Brokenwire is an annoyance style attack as it does not do damage to any of the equipment involved. It simply denies their usage. For most people, not being able to use one charger is not going to ruin their day. They will more than likely get enough of a charge to move to the next station and move on. However, as the push to change critical services to EVs increases, there could be a significant impact on their availability. Imagine if EV based fire, police or ambulance services were impacted by properly placed and timed disruption hardware. It would not be a great thing to need one of these services only to find they had depleted batteries because they could not complete a charge.

We are guessing that the fix for this is going to include additional RF and EM shielding at the charging stations. This type of fix is going to take time and will be costly. It also does not protect the vehicle so even with the added protections at the “pump” there is still a chance that this style of attack can be effective with the right tweaks. It is going to be interesting to see if and when the proof of concept code hits the internet and what attackers do with it once it is.

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.