
Electric Vehicle Vulnerabilities Can Allow Hackers To Disrupt System, Cause Energy Theft

About the vulnerability

The vulnerabilities were found by experts working for SaiFlow, a company based in Israel that specializes in defending EV charging infrastructure and distributed energy resources. 

The security loopholes are linked to the communications between the charging station management system (CSMS) and the EV charge point (CP), specifically over the Open Charge Point Protocol (OCPP). The loopholes are believed to affect the CSMS offered by various vendors.

The issue stems from the way OCPP runs over WebSocket connections and from how poorly those connections are handled. The protocol does not define how a CSMS should behave when more than one connection is open for the same CP at a time, and threat actors can abuse this by opening a new connection to the CSMS on the charger's behalf. A further problem is what SaiFlow describes as a "weak OCPP authentication and chargers identities policy."
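As an added illustration, not SaiFlow's or any vendor's code, the following models a CSMS-side connection registry that closes both gaps described above: it refuses identities that were never provisioned, ties each identity to a per-charger credential, and does not let a second WebSocket connection for the same charge point displace the established session. Charge point ids, secrets and peer addresses are constructed sample values.

```python
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional


@dataclass
class Session:
    """One live WebSocket session between a charge point (CP) and the CSMS."""
    cp_id: str
    peer: str  # remote address of the WebSocket peer (constructed sample data)


@dataclass
class ConnectionRegistry:
    """CSMS-side admission policy for OCPP WebSocket connections (hypothetical)."""
    provisioned: Dict[str, str]  # cp_id -> per-charger secret issued at enrolment
    active: Dict[str, Session] = field(default_factory=dict)
    alerts: List[str] = field(default_factory=list)  # feed these to monitoring

    def connect(self, cp_id: str, secret: str, peer: str) -> Optional[Session]:
        """Admit a new connection, or return None and record why it was refused."""
        # 1. Never auto-register an unfamiliar identity: a well-formed CP id on
        #    its own must not be enough to obtain a session.
        if cp_id not in self.provisioned:
            self.alerts.append(f"unknown charge point {cp_id!r} from {peer}")
            return None
        # 2. Bind the identity to a per-charger credential (constant-time compare).
        expected = self.provisioned[cp_id].encode()
        if not hmac.compare_digest(expected, secret.encode()):
            self.alerts.append(f"bad credential for {cp_id!r} from {peer}")
            return None
        # 3. A second connection for an already-connected CP is refused, so it
        #    cannot take over the established session or knock it offline.
        existing = self.active.get(cp_id)
        if existing is not None:
            self.alerts.append(
                f"duplicate connection for {cp_id!r} from {peer}; "
                f"keeping session from {existing.peer}")
            return None
        session = Session(cp_id, peer)
        self.active[cp_id] = session
        return session

    def disconnect(self, session: Session) -> None:
        """Release the slot only if this session still owns it."""
        if self.active.get(session.cp_id) is session:
            del self.active[session.cp_id]
```

A production CSMS also needs WebSocket ping/pong liveness checks so that a stale slot expires and a legitimate charger can reconnect after a network drop.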

How does a hacker exploit the vulnerability?

By opening a new connection to the CSMS on behalf of a charge point, the threat actor can cause the original connection to be shut down or to stop functioning.

As per SaiFlow, a threat actor can misuse the loopholes to mount a distributed denial of service (DDoS) attack that takes down the electric vehicle supply equipment (EVSE) network.

Besides this, if a threat actor can connect to the CSMS, they may be able to obtain drivers' personal information, including payment card data, as well as other sensitive data such as server credentials.

What do experts say about the vulnerabilities?

Ron Tiberg-Shachar, co-founder and CEO of SaiFlow, said, "in particular configurations, if the charger approves unfamiliar driver identities, an attacker can manage to charge their vehicle without paying for it. Since the CSMS platforms are publicly accessible, it is possible for an attacker to hijack the connection remotely, without needing to gain credentials, access, or perform MITM attacks." Tiberg-Shachar believes that it may be possible for an amateur hacker to launch an attack, even with scarce resources.

To conduct an attack, the hacker first needs to obtain a charger's identity. These identities generally follow a standard structure, which makes it easier for attackers to enumerate valid identifier values.

In the next stage, they need to find out which CSMS platform the charger is connected to. According to the experts, the CSMS URL can be found using services such as Shodan or SecurityTrails.

The impact of this vulnerability

SaiFlow has published a technical blog post explaining the vulnerabilities and the attack scenarios. The company also gave recommendations for how these kinds of attacks can be controlled. It seems unlikely that vendors can easily patch the vulnerabilities.

Tiberg-Shachar said, "we’ve approached many key players in the industry (and keep on doing so) to make them aware of our findings and how they can approach a solution. Additionally, we’ve made our solutions team available to support any specific technical questions, in an effort to reinforce vulnerabilities as quickly as possible. Our key goal is to support partners in scaling their charging infrastructure as quickly and safely as possible."