Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own

Name: Charging Ahead: Exploiting an EV Charger Controller at Pwn2Own
Duration: 43 min
Description: Electric vehicle charging infrastructure is proliferating rapidly — the UK alone is targeting 300,000 public charging points by 2030 — and the security of these devices is, to put it mildly, not keepi

Alex Plaskett, McCaulay Hudson

44CON 2025 · Day 2 · Main Track

Electric vehicle charging infrastructure is proliferating rapidly — the UK alone is targeting 300,000 public charging points by 2030 — and the security of these devices is, to put it mildly, not keepi

AI review

NCC Group chains three real bugs — file upload with exec perms, unauthenticated mode switching, PPP config injection — into working root RCE against an EV charger at Pwn2Own in 8 minutes, and the fact that every charger in the competition fell underscores the talk's core argument about critical infrastructure security.

Watch on YouTube