V2GEvil: Ghost in the wires

This research is dedicated to enhancing the cybersecurity of electric vehicles, with a specific focus on identifying vulnerabilities in the Electric Vehicle Communication Controller (EVCC). This controller facilitates communication with the Supply Equipment Communication Controller during the charging process. Accessible through the On-Board Charging (OBC) port, which is as publicly available as the gas tank in combustion engine vehicles.

The research journey began by studying the electric vehicle charging ports, how they communicate, and the standards they follow, especially focusing on ISO 15118. Then, we closely looked at how On-Board Charging (OBC) works, especially its communication protocols during charging, with a special focus on the High-Level Communication (HLC).

Our research efforts resulted in the development of a dedicated security tool. This tool is designed to examine and assess the implementation of the EVCC (Electric Vehicle Communication Controller). It can simulate the behaviour of the SECC (Supply Equipment Communication Controller) during charging and includes extra features to simplify the process of enumeration and fuzzing the EVCC during charging operations.

In this talk, we’ll explore the world of electric vehicle cybersecurity, focusing on charging communication, vulnerabilities in EVCC implementation, and the development of a dedicated security tool. We’ll discuss charging standards, communication protocols, and real-world scenarios to understand the evolving landscape of electric mobility cybersecurity. Additionally, we’ll showcase and discuss the hardware required for connecting to the vehicle charging port.