OrangeCon

Low Energy to High Energy: Hacking Nearby EV-Chargers Over Bluetooth
2024-09-05, Main track

During the first Pwn2Own Automotive, organised by ZDI in Tokyo in January 2024, Computest Sector 7 successfully demonstrated exploits for vulnerabilities in three different EV chargers. All three could be exploited to execute arbitrary code on the charger, with the only prerequisite being that the attacker is close enough to connect over Bluetooth.


As electric vehicles become increasingly integrated into our transportation infrastructure, the security of their charging systems is becoming paramount. A threat actor hacking EV chargers at scale could have a real-life impact on the continuity of our power grid and the transportation sector. Therefore, it is important that manufacturers and operators are well aware of their role in protecting our power grid.

This year we demonstrated several zero-day attacks against commonly used EV chargers during the international Pwn2Own Automotive competition. Most of these vulnerabilities were very easy to find once the firmware was extracted. The lack of mitigations against binary exploitation meant writing the exploits was also straightforward.

In this talk, we will explain the vulnerabilities we found, the exploits we developed and what lessons about IoT security in general can be learned from this.

Daan Keuper is the head of security research at Computest Security. This division is responsible for advanced security research on commonly used systems and environments.

Daan has participated four times in the internationally known Pwn2Own competition, demonstrating zero-day attacks against Zoom and multiple ICS applications. In addition, Daan did research on internet-connected cars, in which several vulnerabilities were found in cars from the Volkswagen Group.