Cybersecurity Risks Associated with EV Fast-Charging Equipment

Study finds vulnerabilities in between EVs and fast-charging infrastructure.

Southwest Research Institute
Jul 17, 2024
SwRI developed an adversary-in-the-middle device with a modified combined charging system to test the cyber resiliency of ISO 15118-compliant vehicle-to-grid.
SwRI developed an adversary-in-the-middle device with a modified combined charging system to test the cyber resiliency of ISO 15118-compliant vehicle-to-grid.
Southwest Research Institute

SAN ANTONIO – Engineers at Southwest Research Institute have identified cybersecurity vulnerabilities with electric vehicles (EVs) using direct current fast-charging systems, the quickest, commonly used way to charge electric vehicles. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment.

In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle.

The research is part of SwRI’s ongoing efforts to help the mobility sector and government improve automotive cybersecurity spanning embedded automotive computers and smart-grid infrastructure. It builds upon a 2020 project where SwRI hacked a J1772 charger, disrupting the charging process with a lab-built spoofing device.

In the latest project, SwRI explored vehicle-to-grid (V2G) charging technologies governed by ISO 15118 specifications for communications between EVs and electric vehicle supply equipment (EVSE) to support electric power transfer.

The SwRI team developed an adversary-in-the-middle (AitM) device with specialized software and a modified combined charging system interface. The AitM allowed testers to eavesdrop on traffic between EVs and EVSE for data collection, analysis and potential attack. By ascertaining the media access control addresses of the EV and EVSE, the team identified the network membership key that allows devices to join a network and monitor traffic.

However, encrypting embedded systems on vehicles poses several challenges. For instance, added layers of encryption and authentication could even become a safety hazard. A failure to authenticate or decrypt could interrupt a vehicle’s functionality or performance.

SwRI has developed a zero-trust architecture that can address these and other challenges. It connects several embedded systems using a single cybersecurity protocol. SwRI’s future EV cybersecurity research will test zero-trust systems for PLC and other network layers.

Latest in Safety
A Crowdstrike office is shown in Sunnyvale, Calif.
Tech Disruptions Sparked by Software Update Highlight the Fragility of Globally Connected Technology
July 22, 2024
Stellantis
U.S. Investigating Some Jeep and Ram Vehicles After Complaints of Abrupt Engine Stalling
July 22, 2024
This photo provided by U.S. Consumer Product Safety Commission shows the Bissell Steam Shot Handheld Steam Cleaner.
Over 3 Million Steam Cleaners Go Under Recall for Spewing Hot Water Causing Burns
July 19, 2024
The Stellantis logo at the entrance to the Mirafiori factory in Turin.
Stellantis Tells Hybrid Minivan Owners to Park Outdoors Due to Battery Fire Risk
July 19, 2024
Related Stories
Osha
Safety
Investigation into Worker's Death Finds Pallet Manufacturer Failed to Train Employees
Fine artist Cushla Naegele visits the Triangle Shirtwaist Memorial, a day before its official ceremonial opening, Tuesday, Oct. 10, 2023, in New York.
Safety
Memorial Honors Triangle Shirtwaist Factory Fire Deaths That Galvanized Labor Movement
Unnamed (3)
Safety
Protecting Workers Without Sacrificing Productivity
LakeAir air purifier for industrial use.
Safety
Eliminate Indoor Airborne Contaminants to Protect Worker Safety, Productivity
More in Safety
A Crowdstrike office is shown in Sunnyvale, Calif.
Safety
Tech Disruptions Sparked by Software Update Highlight the Fragility of Globally Connected Technology
The large scale disruption is considered to be a major mistake by CrowdStrike.
July 22, 2024
Stellantis
Safety
U.S. Investigating Some Jeep and Ram Vehicles After Complaints of Abrupt Engine Stalling
Sometimes the engines can't be restarted.
July 22, 2024
This photo provided by U.S. Consumer Product Safety Commission shows the Bissell Steam Shot Handheld Steam Cleaner.
Safety
Over 3 Million Steam Cleaners Go Under Recall for Spewing Hot Water Causing Burns
Over 150 injuries have been reported.
July 19, 2024
The Stellantis logo at the entrance to the Mirafiori factory in Turin.
Safety
Stellantis Tells Hybrid Minivan Owners to Park Outdoors Due to Battery Fire Risk
The warning has been issued to more than 24,000 owners.
July 19, 2024
Fisherman Alan Belucci, 48, inspects dead fish on the banks of the Piracicaba River, Piracicaba, Brazil, July 17, 2024.
Safety
Sugar Plant’s Industrial Waste Tied to Fish Die-Off
Several tons of fish have died after alleged illegal dumping from a sugar and ethanol plant.
July 18, 2024
Debris from a Norfolk Southern freight train lies scattered and burning along the tracks Feb. 4, 2023, the day after it derailed in East Palestine, Ohio.
Safety
EPA Watchdog Investigating Delays in How Agency Used Sensor Plane After Fiery Ohio Derailment
The plane made it into the air four days after the disastrous Norfolk Southern derailment last year.
July 18, 2024
Giant wind turbine blades for the Vineyard Winds project are stacked on racks in the harbor.
Safety
Nantucket Wind Power Operations Suspended After Turbine Blade Parts Wash Ashore
Six truckloads of debris have been collected.
July 18, 2024
Giant wind turbine blades for the Vineyard Winds project are stacked on racks in the harbor, July 11, 2023, in New Bedford, Mass.
Safety
Searchers Comb Beaches for Debris from Damaged Offshore Wind Turbine
They are looking for pieces on the beaches of Nantucket Island, a popular summer tourist destination.
July 17, 2024
Pxl 20230914 175228933 6578b5ed863c2
Safety
SureWerx Acquires Fall Safe
Portugal-based Fall Safe is a global leader in critical-use personal protective equipment.
July 12, 2024
I Stock 1255605108
Safety
Japanese Steel Company Reprimanded After Repeated Safety Failures in Texas
In the past five years, the facility has experienced 10 workplace safety incidents — five of which involved an employee's amputation injury.
July 12, 2024
A Paqui One Chip Challenge chip displayed in Boston, Sept. 8, 2023.
Safety
Lawsuit Filed Over Teen Who Died After 'One Chip Challenge'
Despite a warning on the label, children had no problem buying the chips.
July 12, 2024
Pump jacks extract oil from beneath the ground in North Dakota, May 19, 2021.
Safety
Marathon Oil Reaches $241 Million Settlement with EPA
The settlement is over alleged violations in North Dakota.
July 12, 2024
Twisted girders and debris cover the ground the day after a deadly structure collapse at a construction site near the Boise Airport.
Safety
Families of Workers Killed in Idaho Airport Hangar Collapse Sue Construction Company
The structure collapsed under high winds in January.
July 12, 2024
Shoppers pass by cooking oil products at a supermarket in Beijing.
Safety
Soybean Oil, Fuel Chemicals Carried in the Same Trucks in China, Report Finds
The practice was considered an "open secret."
July 10, 2024
The Jeep logo is shown in the south Denver suburb of Englewood, Colo., on April 15, 2018.
Safety
NHTSA Investigating Potential 'Loss of Motive Power' in Jeep Wranglers
An issue from a 2022 recall has resurfaced.
July 10, 2024