A team of engineers at Southwest Research Institute (SwRI) have announced their discovery of a vulnerability in DC fast-charging stations that allows hackers to access electric vehicles.
Power line communication (PLC) is a way to send data through power cables, even using common electrical plugs. It works by delivering a harmonic signal in the power line, and then using a receiver on the other end to interpret the data in the harmonic.
With this system, it’s possible to send and receive transmissions like voice, video, and a person’s day-to-day internet traffic directly through the user’s electrical wiring. This type of technology has been in use since 1922.
Nowadays, about 40 million electric cars are being used across the world. It’s estimated that about 86% of EV owners charge their cars at home while about 59% use public chargers weekly.
Level 3 DC chargers are the fastest way to top up Tesla cars on the road. The charger uses an Ipv6 base protocol PCL to communicate with the vehicle to monitor faults and collects data for everything, such as charge status, state of charge, vehicle identification number (VIN), and more.
The engineers at SwR found vulnerabilities in the PLC layer and successfully accessed the addresses and the keys of the chargers and the vehicles remotely.
Modifying EV firmware by a bad actor could have serious consequences for the driver and anyone else on the road, and it is possible with modern vehicles that are so heavily dependent on software, CPUs, and internet connections.
A modern EV is a data center on wheels. Simply adding encryption to embedded systems on EVs could cause a fault in an EV’s systems.
To solve these issues, the team at SwRI has also created a new structure, called zero-trust, to circumvent layers of encryption by preventing a bad guy from breaking through a user’s firewall. Before executing a command, Zero-trust would require each asset, like a laptop, a server, or an electric vehicle, to show a root level and prove its identity and that it belonged to the car’s network.
Not only that, but the zero-trust system is also able to monitor system accuracy and identify anomalies and illicit communication packets in real-time in case a bad actor gains access to the vehicle’s systems.