How does it work

Power line communication (PLC) is a way to transfer data over existing power lines, like the electrical plugs in your home. This is done by feeding a harmonic signal into the power line, then a receiver at the other end interprets and predicts the data found there. This allows transmissions such as voice, video, and even regular Internet traffic to be sent and received directly over electrical wires. This type of technology has been around since 1922.

There are close to 40 million electric cars in the world today. It is estimated that about 86% of EV owners charge their EVs at home and about 59% use public chargers each week. There are about 10,000 Level 3 direct current (DCFC) fast charging stations in the US. That’s 10,000 potential hacking sites and millions of potential vulnerabilities in the US alone. It’s nearly impossible to say how many of these are spread across the world.

Level 3 DC chargers, the fastest way to charge a Tesla electric vehicle while on the road, use an IPv6-based PLC protocol to communicate with the vehicle to monitor for faults and collect data about the state of charge, charge level, vehicle identification number (VIN) and other information.

Researchers at the Southwest Research Institute (SwRI) have exploited PLC-level vulnerabilities. gave them access to the network key and digital addresses of chargers and the vehicleAn attack performed using a man-in-the-middle (AitM) attack that can simulate both the electric vehicle and the charging equipment.

During penetration testing, we found that the security of the PLC layer was weak and there was no encryption between the vehicle and the chargers.
– said Catherine Kozan, chief engineer of the high reliability systems department of SwRI.

Tesla charging stations / Unsplash photo

In 2020, SwRI was able to redesign and hack the J1772 charger system, the most common type of charger in the US, to disrupt the charging process by simulating a malicious attack. Send signals to the vehicle to simulate recharging, adjust charging speed, or block charging altogether.

Level 3 hacks take things to the next level by giving potential hackers the ability to remotely insert code into a car’s firmware, literally changing or disabling its functions, responses, algorithms, and security rules.

peer

A similar story happened to a Jeep in 2015. Although hacked in a different way, the results of that attack still reflect the threats that any electric vehicle could face.

A pair of hackers from Missouri took control of an unmodified Jeep Cherokee while a Wired reporter was driving on the highway. The hackers went so far as to He shut off the engine, took control of the steering and exited the highway, and then disabled the brakes.They also tracked the car’s location using GPS.

How did they gain such control? Remotely, through the infotainment system alone.

With network access via insecure direct access switches, persistent memory regions in PLC devices can easily be removed and reprogrammed, opening the door to devastating attacks such as firmware corruption.
– says the engineer participating in the SwRI project.

Modifying the firmware of an electric vehicle by an attacker could have serious consequences for the driver and anyone else who finds themselves in the path of the unauthorized vehicle. With modern tools the possibilities are almost endlessare very dependent on software, processors and internet connectivity. They are effectively data centers on wheels.

The brain of the new Tesla Model S, for example, is an AMD Ryzen processor and AMD Radeon graphics processor, the same ones found in your home or office computer. Plus, there are about 63 other processors.

Encryption may not be a good answer

Simply adding encryption to EVs’ onboard systems could also pose a potential risk. Any failure to encrypt or verify a piece of data could cause the EV’s systems to malfunction.

Imagine you’re trying to brake, but your car decides not to because it’s not getting a real signal from your pedal through the ABS module.

A possible solution

But all is not lost. SwRI has developed a new “zero trust” architecture that can bypass layers of encryption. Zero trust is based on the assumption that if an attacker wants to break your firewall, they will most likely do so, and there is no way for you to stop them. But zero trust requires that every device, be it a laptop, a server, or an electric car, verify its identity and network membership at the root level before executing a command. The network is the car.

In addition to each element of the architecture having to authenticate itself at every boot, a zero trust system also verifies the correctness of the system’s operation and Detects anomalies and illegal communication packets in real time In case an attacker gains access to the vehicle’s systems.

Although zero trust architecture is not yet used in modern devices, it could become the technology of the future if more vulnerabilities are found and exploited.