summaryrefslogtreecommitdiff
path: root/updates/2017/e-motor.en.md
blob: 3b0aff817fef377c919884edadbbef7d126a1c0b (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
title: Chaos Computer Club hacks e-motor charging stations
date: 2017-12-27 00:43:00 
updated: 2017-12-27 07:19:45 
author: 46halbe
tags: update, pressemitteilung
previewimage: /images/NFC-Karten-Analysewerkzeuge9.jpg

Currently, the infrastructure for charging electronic vehicles is rolled out in Germany – once again without paying much attention to IT security. The convenient charging cards are currently so insecure that it is not advisable to use them. It is trivially possible to charge your car while having someone else unknowingly being forced to pay. Nearly all charging cards are affected by this vulnerability. Charging network providers that issue these cards have refused to fix the security problems, despite being given several months pre-warning. The details of the vulnerabilities will be presented in detail today at the 34th Chaos Communication Congress at 12:45 in Leipzig.

<!-- TEASER_END -->

Electric cars are recharged at an electric vehicle charging station
instead of a gas pump. The stations usually offer a three-phase current
connector, through which the necessary charging performance is achieved.
In public spaces charging operations are sometimes deducted from
charging cards by the operators. A number is stored on these charging
cards, which the charging station uses to identify the customer.
Unfortunately, this number is completely public and can be copied as
often as desired. Therefore, it is possible to easily clone a charging
card.

„The operators have not implemented basic security mechanisms“, said CCC
member Mathias Dalheimer who will explain the details of the hack today
at 34C3. „This is as if I would pay with a photo copy of my debit card
at the discounter − and the cashier accepts it.“

The communication between charging stations and the billing back-end is
not protected as well. The card number is transmitted without encryption
directly to the provider. Little technical effort is necessary to
intercept this communication to harvest customer card numbers. With
these numbers it is possible to either forge charging cards or – even
more simple – simulate charging events. Using this method a provider of
charging stations can easily inflate its revenue.

The charging stations themselves are also insecure. Most stations allow
manipulations of their configuration and firmware updates via USB stick.
Since this update mechanism is frequently insecure – like with KEBA
models – arbitrary code can be inserted into the charging station. By
this method an attacker for example can make charging free for all or
can harvest customers' card numbers to make charges at their cost.

Customers will have a hard time to proof these types of misuse.
Especially when roaming, when their charging card is accepted at the
station of a different provider, the settlement of fees happens much
later. Weeks can pass before the misuse of their charge card number is
noticed. The providers of the charging networks have acknowledged the
problems but see no reason to take action. „New Motion“, for example,
said that they do not know of misuse cases and that their customers
should please take a look at their billing statement. \[0\] A change to
a more suitable method of payment is not planned, so customers currently
are forced to live with this inacceptable situation.

We demand:

-   The security of the charging stations has to be raised to the state
    of the art.
-   Charging station operators must offer secure payment methods to
    their customers.
-   The payment data has not only to be protected within one charging
    cycle, but also when roaming between different charging operators as
    well.

 

**Links**:

\[0\] [Statement of „New
Motion“](https://www.goingelectric.de/forum/oeffentliche-ladeinfrastruktur/ladekarten-sind-unsicher-wie-man-auf-fremde-rechnung-laedt-t27590-50.html#p628169)
(German)

\[1\] More technical details and
videos: <https://schwarzladen.gonium.net/> (German)

\[2\] Electric car
simulator: [https://evsim.gonium.net](https://evsim.gonium.net/)

\[3\] Videos on Youtube:

<https://youtu.be/0-AjgT8oqt8>

<https://youtu.be/HWfHfctN66U>

<https://youtu.be/nL3cDfzAIC0>

<https://youtu.be/pUEp3uWAWqY>

\[4\] Live-Streaming: [Information on streams and
videos](https://events.ccc.de/congress/2017/wiki/index.php/Static:Streams)