Power jacking your station: In-depth security analysis of electric vehicle charging station management systems

The demand for Electric Vehicles (EVs) has been increasing exponentially, and to achieve sustainable growth, the industry has dictated rapid development of the supporting infrastructure. This requires building a reliable EV charging ecosystem that serves customer demands while ensuring the security of the Internet-enabled systems and the connected critical infrastructure against possible cyber attacks. To this end, the authors devise a system lookup and collection approach to obtain a representative sample of widely deployed EV Charging Station Management Systems (EVCSMS). Furthermore, the authors leverage reverse engineering and penetration testing techniques to perform a first-of-a-kind comprehensive security and vulnerability analysis of the identified EVCSMS and their software/firmware implementations. Indeed, systematic analysis unveils an array of vulnerabilities, which demonstrate the insecurity of the EVCSMS against remote cyber attacks. Considering the feasibility of such attacks, the authors discuss attack implications against the EV charging stations (EVCS) and their users. More importantly, the authors simulate the impact of practical cyber attack scenarios against the power grid, which result in possible service disruption and failure in the grid. Finally, while the authors recommend mitigation measures, their discoveries raise concerns about the lack of adequate security considerations in the design of the deployed EVCS, which will motivate vendors to take immediate action to patch their developed systems. Indeed, the authors' communication with the concerned parties resulted in positive responses from some vendors such as Schneider Electric, who acknowledged their findings by reserving 12 CVEs.

Language

  • English

Filing Info

  • Accession Number: 01833335
  • Record Type: Publication
  • Files: TRIS
  • Created Date: Jan 21 2022 4:47PM