Engineers at Southwest Research Institute (SwRI) have identified cybersecurity vulnerabilities in DC fast charging EVSE.

In a laboratory, the SwRI team exploited vulnerabilities in the power line communication (PLC) layer that transmits smart-grid data between vehicles and charging equipment, gaining access to network keys and digital addresses on both the charger and the vehicle. The SwRI team developed an adversary-in-the-middle (AitM) device with specialized software and a modified combined charging system interface. The device let testers intercept traffic between EVs and electric vehicle supply equipment (EVSE) for data collection, analysis and attack. The team found unsecure key generation present on older chips when testing, which was confirmed through online research to be a known concern. 

SwRI has also developed a zero-trust architecture that can address interruptions in a vehicle’s functionality or performance. It connects several embedded systems using a single cybersecurity protocol.

“Through our penetration testing, we found that the PLC layer was poorly secured and lacked encryption between the vehicle and the chargers,” said Lead Project Engineer Katherine Kozan. 

Source: Southwest Research Institute