In 2022, the researchers Sebastian Köhler, Richard Baker, Martin Strohmeier, and Ivan Martinovic demonstrated a novel attack that exploited vulnerabilities in the Combined Charging System (CCS), the most widely used DC (direct current) rapid charging technology for electric vehicles (EVs). They called their discovery the Brokenwire attack.
At the time of their publication, they released limited technical details on their findings to prevent potential abuse and give affected manufacturers time to address issues related to their attack. In this blog entry, we revisit this attack scenario, as the researchers have released a more comprehensive version of their research for the 2023 Network and Distributed System Security Symposium (NDSS).
CCS and how broadly it is being used
One of the challenges of EVs is that they charge at a much slower rate than traditional cars are refueled. The automotive industry has found DC charging to be a good alternative to AC (alternating current) charging when it comes to EVs because of its better efficiency, battery compatibility, convenience, and charging speed. Public charging stations typically use DC charging, while private ones use AC.
CCS outplays other DC charging standards and will likely become the charging standard of choice worldwide in the future. CCS takes advantage of power-line communication (PLC) technology, which transmits and receives signals through electrical wiring. Thus, the Brokenwire attack was a notable catch by Köhler et al. The attack can remotely halt charging for a single vehicle or for a fleet of vehicles at the same time.
Technical details of the Brokenwire attack
To set up the attack scenario, the researchers used a software-defined radio (SDR) with a designated payload in the RF (radio frequency) signal. From a distance of up to 47 meters, they were able to interfere with the communication and halt the charging session. The researchers named this attack Brokenwire because it involves stopping the signal in the wire to disrupt the charging process.
The attack takes advantage of the communication protocol used between EVs and EV supply equipment (EVSE). The protocol, called carrier sense multiple access/collision avoidance (CSMA/CA), is designed to prevent collisions by detecting whether the charging cable is busy before initiating communication. However, if signals are continuously sent to make both the EV and the EVSE believe the cable is busy, communication is disrupted and the charging process is halted, as in the Brokenwire research.
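The carrier-sense behavior described above can be reproduced in a small slotted model. This is an added example, not code from the researchers or from the CCS specification; the slot counts, contention-window sizes, and session timeout are illustrative assumptions. It shows that as the share of slots sensed busy approaches 100%, both stations defer indefinitely and the session times out.

```python
import random

def simulate(busy_fraction, slots=20000, timeout_slots=2000, seed=1):
    """Slotted CSMA/CA model of an EV and an EVSE sharing one medium.

    busy_fraction: share of slots in which carrier sense reports a foreign
    signal. All numeric parameters are illustrative assumptions.
    Returns (frames_delivered, session_aborted).
    """
    rng = random.Random(seed)
    cw = {"EV": 8, "EVSE": 8}                       # contention windows
    backoff = {s: rng.randint(0, cw[s] - 1) for s in cw}
    delivered, last_ok = 0, 0
    for t in range(slots):
        if t - last_ok > timeout_slots:
            return delivered, True                  # no message for too long
        if rng.random() < busy_fraction:
            continue                                # medium busy: counters frozen
        ready = [s for s in backoff if backoff[s] == 0]
        for s in backoff:
            if backoff[s] > 0:
                backoff[s] -= 1                     # idle slot: count down
        if len(ready) == 1:                         # exactly one sender: success
            s = ready[0]
            delivered, last_ok = delivered + 1, t
            cw[s] = 8
            backoff[s] = rng.randint(0, cw[s] - 1)
        elif len(ready) == 2:                       # collision: widen windows
            for s in ready:
                cw[s] = min(cw[s] * 2, 64)
                backoff[s] = rng.randint(0, cw[s] - 1)
    return delivered, False

if __name__ == "__main__":
    for fraction in (0.0, 0.5, 0.9, 1.0):
        frames, aborted = simulate(fraction)
        print(f"busy={fraction:.1f} frames={frames} aborted={aborted}")
```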
Adding another layer of risk to this scenario is that it can be done remotely. Since the charging cable is susceptible to electromagnetic interference, it inadvertently also functions as an antenna. This means that the attacker can carry out the attack from a reasonable distance without physically interacting with the targets, as also successfully demonstrated by the researchers.
The root cause of this attack lies in the combination of the current charging protocol and systems. Specifically, this type of attack targets DC rapid chargers, while private AC home chargers are immune to it. This novel attack highlights the potential weaknesses of public charging stations. While an interrupted charging session might seem harmless to regular vehicles, such an attack can have grave consequences in certain situations, such as when it is used to target public emergency response vehicles.
Furthermore, the scope of this issue extends beyond public charging stations. As the researchers have pointed out, the Brokenwire attack can affect many heavy-duty vehicles that run on electric power, use the same system, and are therefore vulnerable to the same attack technique.
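Because one interfering signal can stop several charging sessions at once, a site operator can separate this pattern from ordinary single-charger faults by correlating communication timeouts across chargers. The following detection sketch is an added example, not part of the original research or of any vendor product; the record layout, the `comm_timeout` reason string, and the thresholds are assumptions, and the sample events are constructed.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample records: (timestamp, site, charger id, session end reason).
SAMPLE_EVENTS = [
    ("2023-03-01T10:00:05", "depot-A", "dc-01", "comm_timeout"),
    ("2023-03-01T10:00:07", "depot-A", "dc-02", "comm_timeout"),
    ("2023-03-01T10:00:09", "depot-A", "dc-03", "comm_timeout"),
    ("2023-03-01T10:00:30", "depot-A", "dc-04", "user_stop"),
    ("2023-03-01T11:15:00", "depot-B", "dc-01", "comm_timeout"),
    ("2023-03-01T14:40:00", "depot-B", "dc-02", "comm_timeout"),
]

def correlated_aborts(events, window=timedelta(seconds=30), min_chargers=3):
    """Return [(site, window_start, charger_ids)] for every cluster in which
    at least min_chargers distinct chargers at one site lost communication
    within `window` of the first timeout in the cluster."""
    by_site = defaultdict(list)
    for ts, site, charger, reason in events:
        if reason == "comm_timeout":          # ignore normal session ends
            by_site[site].append((datetime.fromisoformat(ts), charger))
    alerts = []
    for site, rows in by_site.items():
        rows.sort()
        i = 0
        while i < len(rows):
            start = rows[i][0]
            # rows are sorted, so the cluster is a contiguous run from i
            group = [r for r in rows[i:] if r[0] - start <= window]
            chargers = sorted({c for _, c in group})
            if len(chargers) >= min_chargers:
                alerts.append((site, start, chargers))
                i += len(group)               # skip past this cluster
            else:
                i += 1
    return alerts

if __name__ == "__main__":
    for site, start, chargers in correlated_aborts(SAMPLE_EVENTS):
        print(f"{site}: {len(chargers)} chargers lost comms from {start}")
```

Isolated timeouts, such as the two at depot-B hours apart, do not raise an alert; only near-simultaneous loss of communication on several chargers does.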
The deployment of more EVs is one of the more prominent measures to fight the worsening effects of climate change. EVs are typically more energy-efficient than their traditional counterparts. This advantage highlights how the EV has become an appealing alternative, even as it has also presented adoption challenges.
Stricter emission standards in most countries have also pushed the vehicle trend toward electric. According to a recent report by the International Energy Agency (IEA), one in seven cars sold globally in 2022 was an EV, compared to just one in 70 sold in 2017.
As EVs become more common, the infrastructure and EVSE created to meet their new demands will also have to keep up. In a previous blog entry, we brought attention to research on a flaw that could leave cars locked to charging stations, in what has been named the Charging Pile Ransom Attack. Discoveries such as this and the Brokenwire attack show that amid all these developments are a widening attack surface and unseen security gaps that need to be accounted for before they turn into real-world threats.
The world of mobility is moving at such a fast pace that VicOne aims to continue to bank on our strong cybersecurity history and look into the threats on the horizon to stay ahead. As the connected car becomes more advanced, it stands to face more complex threats and risks because of an ever-expanding attack surface on top of a complex supply chain. In the midst of these developments, cybercriminals will also be on the lookout for opportunities in the form of security gaps and learn to leverage the same new technologies available to the automotive industry.
VicOne, a subsidiary of Trend Micro, leverages the cybersecurity leader’s over 30 years of industry expertise and offers purpose-built solutions to automotive stakeholders.
We recommend the following solutions to keep your charging stations up and running, and protect charging piles and EVs.
Protecting charging piles
The recommended approach is to continuously monitor for known and undisclosed vulnerabilities, malware, and backdoor attacks. When these are detected, the system can use virtual patching to address security flaws immediately, preventing a vulnerability from being exploited until the code itself is fixed later.
xZETA allows OEMs to scan vendors’ firmware on multiple levels and effectively reduces the attack surface from the beginning.
VicOne’s Security Agent can provide superior detection and protection for charging piles or EVSE controllers. Paired with xZETA, it can help you implement virtual patching to prevent and intercept an exploit from taking network paths to and from a vulnerability.
In addition, you can have one more layer of protection against charging station attacks affecting your EVs. The recommended way is to continuously monitor for potential malicious attacks on your vehicles and be able to protect yourself from potential threats.
xNexus, an extended detection and response (XDR) platform for vehicle security operations centers (VSOCs), can help build awareness mechanisms and early warning for incoming attacks.
xCarbon, an intrusion detection and prevention system (IDPS) for electronic control units (ECUs), provides superior detection and protection in vehicles, allowing VSOCs to quickly understand the nature of a potential attack.
To read more research on other possible vulnerabilities in connected vehicles and learn best security practices, visit our resource center.