Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 24
Alex Plaskett, McCaulay Hudson
44CON 2024 · Day 2 · Main
This talk, "Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own 24," delivered by Alex Plaskett and McCaulay Hudson from NCC Group's Exploit Development Group, details their successful campaign at the inaugural Pwn2Own Automotive competition. The presentation focuses on the Phoenix Contact Charx SE C 3100, a critical component used in building Electric Vehicle (EV) charging infrastructure. Plaskett and Hudson provide a comprehensive walkthrough of their vulnerability research methodology, reverse engineering challenges, and the exploit chain that led to unauthenticated root code execution on the target device.
AI review
Solid Pwn2Own war story with genuine technical substance — a multi-stage unauthenticated RCE chain against a real critical infrastructure target, walked through with enough detail to be reproducible and instructive. Not groundbreaking research that redefines the field, but exactly the kind of rigorous, honest vulnerability disclosure talk that conference programs need more of.