Researchers Pawn Electric Cars to Circumvent Payment for Charging Stations and Manipulate Car Battery

Researchers Pawn Electric Cars to Circumvent Payment for Charging Stations and Manipulate Car Battery

Black Hat Asia Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.


Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging voltage and current, an act that could damage the EV.


“The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure,” said TenCent Blade Team senior security researcher Wu HuiYu.

HuiYu and fellow TenCent Blader, Li YuXiang, tried out the attack on five rented electric cars of different models through a security test tool called “XCharger” that captures, modifies, replays and fuzzes the data packets in the communication process between the charging pile and the electric vehicle. The XCharger uses a Raspberry Pi or STM 32 microcontroller and is inserted between the charging pile and electric vehicle.


Charging stations have largely moved toward automating payments. While some vehicle companies use their own authentication and communication protocols, others rely on the VIN number which is insecure because it is visible in plaintext - literally - through a vehicle's windshield.


To hack into these systems, the Tencent team used CANtools, software that allows observation and interpretation of messages sent on the Controller Area Network (CAN bus) used to connect devices in cars. CANtools allowed the researchers to read messages generated during the charging process, and from there write their own messages, bypass authentication and avoid charges for charging.

The TenCent Blade team notified the vendors and the ..

Support the originator by clicking the read the rest link below.