This post is also available in:
עברית (Hebrew)
In the past years, most security-savvy individuals have become highly cautious of connecting unfamiliar tech to their personal devices. We understand that we probably shouldn’t charge our cellphones with the public chargers available at airports or connect our laptops to the free Wi-Fi at the mall. However, Engineers at Southwest Research Institute have recently identified a cybersecurity risk in an unpredictable area: electric vehicle fast chargers.
According to TechXplore, the researchers exploited vulnerabilities in the PLC (power line communication) layer, which is the technology that enables high-voltage charging by transmitting smart-grid data between the vehicle and the charging equipment. They were able to gain access to network keys and digital addresses on both the charger and the vehicle. “Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” said Katherine Kozan, an engineer who led the project for SwRI’s High Reliability Systems Department. During their testing, the team discovered unsecure key generation in older chips, a known issue corroborated by their online research.
SwRI is actively enhancing automotive cybersecurity, focusing on embedded systems and smart-grid infrastructure. Following a successful 2020 project hacking a J1772 charger, their latest research delves into ISO 15118-guided vehicle-to-grid (V2G) charging technologies.
Vic Murray, SwRI’s assistant director of High Reliability Systems emphasized that as the EV grid expands, safeguarding infrastructure and payment processes is crucial, and that their team found that there is still room for improvement. Their recent study identified vulnerabilities in V2G communication, and exposed the network membership key that is used for connecting to the network and traffic monitoring.
“Encrypting these keys is vital to secure V2G charging,” stressed FJ Olugbodi, an SwRI engineer involved in the project. Current vulnerabilities allow potential attacks, such as unauthorized access to device memory, posing risks like firmware corruption.
However, integrating encryption in vehicle embedded systems presents challenges. Additional security layers could affect vehicle functionality and safety if authentication or decryption fails.
To address these concerns, SwRI developed a zero-trust architecture, unifying cybersecurity protocols across multiple embedded systems. Future research aims to implement and test these systems in PLC and other network layers for enhanced EV cybersecurity.
Automotive cybersecurity is complex, but research, such as the one by the SwRI team allows us a safer future driving electric vehicles.