Unveiling Cybersecurity Risks in Fast Charging EVs: Insights from Southwest Research Institute
Engineers at Southwest Research Institute (SwRI) have recently spotlighted critical cybersecurity vulnerabilities in electric vehicles (EVs) that utilize direct current (DC) fast-charging systems—the fastest and most commonly used method for recharging EV batteries. This technology, which operates at high voltages, relies on power line communication (PLC) to transfer smart-grid data between vehicles and charging equipment. However, SwRI’s latest research reveals significant security concerns in this vital infrastructure.
Exploiting PLC Vulnerabilities
In a recent laboratory study, the SwRI team demonstrated how vulnerabilities in the PLC layer could be exploited to gain unauthorized access. By breaching this layer, they obtained network keys and digital addresses from both the charger and the vehicle. Katherine Kozan, an engineer from SwRI’s High Reliability Systems Department who led the project, noted, “Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers.”
Further investigation revealed unsecure key generation in older chips, a known issue confirmed through online research. This finding underscores the broader challenge of securing fast-charging systems against potential cyber threats.
Building on Previous Research
This research builds upon a 2020 SwRI project where the team successfully hacked a J1772 charger using a lab-built spoofing device. Their current work expands into exploring vehicle-to-grid (V2G) technologies governed by ISO 15118 standards, which outline communication protocols between EVs and electric vehicle supply equipment (EVSE) for electric power transfer.
New Testing Methods: Adversary-in-the-Middle Device
In their latest project, SwRI developed an adversary-in-the-middle (AitM) device equipped with specialized software and a modified combined charging system interface. This device allows researchers to eavesdrop on communication traffic between EVs and EVSE, facilitating data collection, analysis, and identification of potential attack vectors. By accessing media access control addresses and network membership keys, the team highlighted significant gaps in security.
“Adding encryption to the network membership key would be an important first step in securing the V2G charging process,” advised FJ Olugbodi, a SwRI engineer involved in the project. The current lack of security measures, including unsecure direct access keys, exposes PLC-enabled devices to risks such as firmware corruption and other destructive attacks.
Challenges and Future Directions
While the need for enhanced encryption is clear, implementing these measures poses its own set of challenges. Increased layers of encryption and authentication could inadvertently affect vehicle functionality or performance if not carefully managed.
To address these issues, SwRI is developing a zero-trust architecture, which aims to enhance cybersecurity by connecting various embedded systems under a unified protocol. This approach promises to bolster security across multiple network layers, including PLC.
“Automotive cybersecurity poses many layers of complexity, but we are excited about these new techniques to identify and address vulnerabilities,” stated Cameron Mott, a manager leading SwRI’s automotive cybersecurity research. As the grid continues to evolve and accommodate more EVs, it is imperative to fortify these systems against cyber threats while ensuring secure and reliable operations.
SwRI’s ongoing research and development efforts are critical to advancing the field of automotive cybersecurity and safeguarding the future of electric vehicle infrastructure.
Source https://www.swri.org
No comments:
Post a Comment