EV Fast Chargers Pose Cybersecurity Risk

Photo courtesy Southwest Research Institute

SAN ANTONIO, TX—Engineers at Southwest Research Institute (SwRI) have identified cybersecurity vulnerabilities with electric vehicles using direct current fast-charging systems. The high-voltage technology relies on power line communication (PLC) technology to transmit smart-grid data between vehicles and charging equipment.

In a laboratory, the SwRI team exploited vulnerabilities in the PLC layer, gaining access to network keys and digital addresses on both the charger and the vehicle. The engineers found unsecure key generation present on older chips when testing, which was confirmed through online research to be a known concern.

“Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” says Katherine Kozan, an engineer who led the project for SwRI’s High Reliability Systems Department.

The research is part of SwRI’s ongoing efforts to help the mobility sector and government improve automotive cybersecurity spanning embedded automotive computers and smart-grid infrastructure. It builds upon a 2020 project where SwRI hacked a J1772 charger, disrupting the charging process with a lab-built spoofing device.

In the latest project, SwRI explored vehicle-to-grid (V2G) charging technologies governed by ISO 15118 specifications for communications between EVs and electric vehicle supply equipment (EVSE) to support electric power transfer.

“As the grid evolves to take on more EVs, we need to defend our critical grid infrastructure against cyberattacks while also securing payments to charge EVs,” says Vic Murray, assistant director of SwRI’s High Reliability Systems Department. “Our research found room for improvements.”

The SwRI engineers developed an adversary-in-the-middle (AitM) device with specialized software and a modified combined charging system interface. The AitM allowed testers to eavesdrop on traffic between EVs and EVSE for data collection, analysis and potential attack. By ascertaining the media access control addresses of the EV and EVSE, the engineers identified the network membership key that allows devices to join a network and monitor traffic.

Austin has been senior editor for ASSEMBLY Magazine since September 1999. He has more than 21 years of b-to-b publishing experience and has written about a wide variety of manufacturing and engineering topics. Austin is a graduate of the University of Michigan.

This webinar will dive into circuit consolidation, exploring what it is, and its significant benefits in reducing complexity, space, and costs while improving maintenance, energy efficiency, procurement processes, and overall system organization.

Sponsored by:

Whether you need a six-axis cobot for machine tending or a desktop Cartesian robot for dispensing adhesive, you’ll find it at The ASSEMBLY Show. Before you hit the show floor, tune into this exclusive panel discussion featuring executives from four of the nation’s top suppliers of robotic technology: FANUC, Janome, Schunk, and TM Robotics.

Sponsored by: