Exploiting Vulns in EV Charging Comms

Jan Berens, Marcell Szakály, Sebastian Köhler

DEF CON 33 · Day 1 · Main Stage

Electric vehicle charging infrastructure runs on a stack of aging, largely unpatched hardware. The data link that negotiates charging sessions between a car and a DC fast charger uses Power Line Commu

AI review

The QCA7000 HomePlug modem is the single point of cryptographic failure for the entire CCS/NACS EV charging ecosystem. Unauthenticated PIB read/write, plaintext NMK in SLAC, ground-path DoS attacks at charging-park scale, unsigned firmware, and arbitrary code execution proven by running Doom. Systematic, scary, and real.
