Currently, the infrastructure for charging electronic vehicles is rolled out in Germany – once again without paying much attention to IT security. The convenient charging cards are currently so insecure that it is not advisable to use them. It is trivially possible to charge your car while having someone else unknowingly being forced to pay. Nearly all charging cards are affected by this vulnerability. Charging network providers that issue these cards have refused to fix the security problems, despite being given several months pre-warning. The details of the vulnerabilities will be presented in detail today at the 34th Chaos Communication Congress at 12:45 in Leipzig.

Electric cars are recharged at an electric vehicle charging station instead of a gas pump. The stations usually offer a three-phase current connector, through which the necessary charging performance is achieved. In public spaces charging operations are sometimes deducted from charging cards by the operators. A number is stored on these charging cards, which the charging station uses to identify the customer. Unfortunately, this number is completely public and can be copied as often as desired. Therefore, it is possible to easily clone a charging card.

„The operators have not implemented basic security mechanisms“, said CCC member Mathias Dalheimer who will explain the details of the hack today at 34C3. „This is as if I would pay with a photo copy of my debit card at the discounter − and the cashier accepts it.“

The communication between charging stations and the billing back-end is not protected as well. The card number is transmitted without encryption directly to the provider. Little technical effort is necessary to intercept this communication to harvest customer card numbers. With these numbers it is possible to either forge charging cards or – even more simple – simulate charging events. Using this method a provider of charging stations can easily inflate its revenue.

The charging stations themselves are also insecure. Most stations allow manipulations of their configuration and firmware updates via USB stick. Since this update mechanism is frequently insecure – like with KEBA models – arbitrary code can be inserted into the charging station. By this method an attacker for example can make charging free for all or can harvest customers' card numbers to make charges at their cost.

Customers will have a hard time to proof these types of misuse. Especially when roaming, when their charging card is accepted at the station of a different provider, the settlement of fees happens much later. Weeks can pass before the misuse of their charge card number is noticed. The providers of the charging networks have acknowledged the problems but see no reason to take action. „New Motion“, for example, said that they do not know of misuse cases and that their customers should please take a look at their billing statement. [0] A change to a more suitable method of payment is not planned, so customers currently are forced to live with this inacceptable situation.

We demand:

The security of the charging stations has to be raised to the state of the art.

Charging station operators must offer secure payment methods to their customers.

The payment data has not only to be protected within one charging cycle, but also when roaming between different charging operators as well.

Links:

[0] Statement of „New Motion“ (German)

[1] More technical details and videos: https://schwarzladen.gonium.net/ (German)

[2] Electric car simulator: https://evsim.gonium.net

[3] Videos on Youtube:

https://youtu.be/0-AjgT8oqt8

https://youtu.be/HWfHfctN66U

https://youtu.be/nL3cDfzAIC0

https://youtu.be/pUEp3uWAWqY

[4] Live-Streaming: Information on streams and videos