DOI: 10.1145/3634737.3644999
research-article

Uncovering Covert Attacks on EV Charging Infrastructure: How OCPP Backend Vulnerabilities Could Compromise Your System

Published: 01 July 2024

Abstract

The Electric Vehicle (EV) charging infrastructure has been rapidly expanding to keep up with the increased demands of EV consumers. This government-backed infrastructure expansion resulted in the rushed integration of a significant number of insecure EV Charging Stations (EVCS), which are vulnerable to cyber-attacks. Motivated by the uncovered vulnerabilities in different components of the EV charging infrastructure, in this paper, we study the security of the EVCS Cloud Management System (CMS). Specifically, we focus on the (in)security of the Open Charge Point Protocol (OCPP) backend communication with the EVCS. We verified the prevalence of such security weaknesses by discovering 6 zero-day vulnerabilities in each of the 16 representative live EV charging management systems. Our findings highlight the insecurity of the OCPP backend, which is widely deployed on existing EVCSs in the wild. Indeed, we discuss various attack scenarios that lead to man-in-the-middle, denial of service, firmware theft, and data poisoning, to name a few. We also leverage the developed testbed to demonstrate the feasibility of launching switching attacks against the power grid using compromised EVCSs. Finally, we contribute to the security of the EV charging ecosystem by also recommending countermeasures to mitigate/prevent future cyber-attacks.

Cited By

  • (2024) Data-Enabled Modeling and PMU-Based Real-Time Localization of EV-Based Load-Altering Attacks. IEEE Transactions on Smart Grid 15:6 (6063-6079). DOI: 10.1109/TSG.2024.3423654. Online publication date: Nov-2024

      Published In

      ASIA CCS '24: Proceedings of the 19th ACM Asia Conference on Computer and Communications Security
      July 2024
      1987 pages
      ISBN:9798400704826
      DOI:10.1145/3634737
      Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than the author(s) must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected].

      Publisher

      Association for Computing Machinery

      New York, NY, United States

      Author Tags

      1. security
      2. electric vehicle ecosystem
      3. OCPP
      4. charging stations

      Qualifiers

      • Research-article

      Conference

      ASIA CCS '24
      Acceptance Rates

      Overall Acceptance Rate 418 of 2,322 submissions, 18%
