U.S. Department of Energy
Office of Scientific and Technical Information

Disrupting EV Charging Sessions and Gaining Remote Code Execution with DoS, MITM, and Code Injection Exploits using OCPP 1.6

Conference · OSTI ID:2279800

Open Charge Point Protocol (OCPP) 1.6 is widely used in the electric vehicle (EV) charging industry to communicate between Charging System Management Services (CSMSs) and Electric Vehicle Supply Equipment (EVSE). Unlike OCPP 2.0.1, OCPP 1.6 uses unencrypted websocket communications to exchange information between EVSE devices and an on-premise or cloud-based CSMS. In this work, we demonstrate two machine-in-the-middle (MITM) attacks on OCPP sessions to terminate charging sessions and gain root access to the EVSE equipment via remote code execution (RCE). Second, we demonstrate a malicious firmware update with a code injection payload to compromise an EVSE. Lastly, we demonstrate two methods to prevent availability of the EVSE or CSMS. One of these, originally reported by SaiFlow, prevents traffic to legitimate EVSE equipment using a DoS-like attack on CSMSs by repeatedly connecting and authenticating several CPs with the same identities as the legitimate CP. These vulnerabilities were demonstrated with proof-of-concept exploits in a virtualized Cyber Range at Wright State University and/or with a 350 kW Direct Current Fast Charger (DCFC) at Idaho National Laboratory. The team found that OCPP 1.6 could be protected from these attacks by adding secure shell (SSH) tunnels to the protocol, if upgrading to OCPP 2.0.1 was not an option.

Index Terms—Electric vehicle charging, cybersecurity, OCPP, cyberattack, cyber-resilience.

INSPEC Accession Number: 23981565

Research Organization:
Idaho National Laboratory (INL), Idaho Falls, ID (United States)
Sponsoring Organization:
13
DOE Contract Number:
AC07-05ID14517
OSTI ID:
2279800
Report Number(s):
INL/CON-23-72329-Rev000
Country of Publication:
United States
Language:
English
