A group of researchers from the University of Oxford and Armasuisse S+T has devised a new attack technique, dubbed Brokenwire, against the popular Combined Charging System (CCS) that could be exploited by remote attackers to disrupt charging for electric vehicles.
The Combined Charging System (CCS) is one of the most widely used DC rapid charging technologies for electric vehicles (EVs).
The attack aims at interrupting the control communication between the vehicle and charger, causing the disruption of charging sessions.
“The attack can be conducted wirelessly from a distance using electromagnetic interference, allowing individual vehicles or entire fleets to be disrupted simultaneously.” reads the post published by the academics. “In addition, the attack can be mounted with off-the-shelf radio hardware and minimal technical knowledge. With a power budget of 1 W, the attack is successful from around 47 m distance. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it.”
The researchers demonstrated that the Brokenwire attack can be conducted from a distance of as far as 47m (151ft). Experts pointed out that the interruption of the charging process of critical vehicles, such as electric ambulances, can have life-threatening consequences.
The experts did not disclose details about the attack technique to prevent attacks in the wild.
The researchers published a video PoC of the attack showing their technique in action.
Let me close with a couple of Questions from FAQ published by the researchers:
I have a charger at home, can someone stop my car from charging?
Probably not. Most likely your home charger uses AC charging and a different communication standard (IEC 61851), so won’t be affected. This might change in the future though, with home chargers getting ISO 15118 support.
Can Brokenwire also break my car?
We’ve never seen any evidence of long-term damage caused by the Brokenwire attack. Based on our development work, we also have good reason to expect there isn’t any.
(SecurityAffairs – hacking, Brokenwire)