New Tool Searches for EV Charging Security Vulnerabilities
A new cybersecurity research tool exposes vulnerabilities in EV charging equipment and communication.
A new tool from Idaho National Laboratory (INL) allows researchers to detect potential electric vehicle charging vulnerabilities by mimicking electronic communications between EVs and fast chargers.
INL intern Jake Guidry uses his AcCCS invention to assess the security of an electric vehicle’s charging communication system. Image used courtesy of INL
Dubbed “AcCCS,” the tool is named after the access point used to test it: the combined charging system (CCS). AcCCS packs software and charging hardware into one system capable of identifying vulnerabilities in charging communication protocols that can be used to tamper with normal EV charging operations or even introduce cyberattacks.
While no actual power flows through the port, it can still be plugged into an EV to trick the vehicle's software into thinking the battery is charging. Similarly, plugging it into a 350-kilowatt fast-charging station will simulate an EV charging connection.
Cybersecurity Research Tool
AcCCS was developed by Jake Guidry, a mechanical engineering master’s student from the University of Louisiana at Lafayette who first caught the eye of lab researchers at last year’s SAE CyberAuto Challenge workshop.
Ken Rohde, an INL cybersecurity researcher and advisor on Guidry’s project, said AcCCS offers an inexpensive and flexible way to test charging security. Rohde added that some commercial devices give researchers access to EVs and charging equipment to ensure they’re meeting specifications. However, AcCCS reduces costs because researchers wouldn’t need to obtain charging equipment or vehicles to test it.
In a June 2023 meeting, researchers used the tool to hack an EV and charging station and demonstrate cyberattack mitigation strategies. The results will inform future experiments determining best practices for the industry.
Demand for EV Charging Security
The tool was developed in INL’s Electric Vehicle Architecture Laboratory Demonstrations program, which aims to validate best practices and establish partnerships to deploy/operate secure EV charging systems across the industry.
As EV adoption continues to grow in the U.S., the federal government is investing billions in building a national network of 500,000 charging stations by 2030, up from around 130,000 public chargers today. The Bipartisan Infrastructure Law allocates $7.5 billion for EV charging programs, and the Inflation Reduction Act is investing billions more.
With this transformation comes a high demand for protocols ensuring that charging infrastructure is secure. A report from Upstream identifies EV charging as the top emerging attack vector in an analysis of over 100 public automotive cyber incidents in the first half of 2022.
A 2022 paper from Sandia National Laboratories discusses several CCS vulnerabilities in EV-to-EV supply equipment (EVSE) devices. For example, since CCS communications don’t provide mutual authentication, there’s a risk of man-in-the-middle (MITM) attacks that could compromise billing data and other private information.
Last year, researchers discovered a new technique targeting the control communications between EVs and chargers, allowing third parties to wirelessly abort charging stations from 154 feet away. In demonstrations of the attack, called “Brokenwire,” researchers showed how CCS charging sessions could be aborted using software-defined radios with less than 1 watt of power. The attack was successful across seven vehicles and 18 EVSE chargers.