
Uncovering Covert Attacks on EV Charging Infrastructure: How OCPP Backend Vulnerabilities Could Compromise Your System.

ASIA CCS '24 Proceedings of the 19th ACM Asia Conference on Computer and Communications Security (2024)

Abstract
The Electric Vehicle (EV) charging infrastructure has been rapidly expanding to keep up with the increased demands of EV consumers. This government-backed infrastructure expansion resulted in the rushed integration of a significant number of insecure EV Charging Stations (EVCS), which are vulnerable to cyber-attacks. Motivated by the uncovered vulnerabilities in different components of the EV charging infrastructure, in this paper, we study the security of the EVCS Cloud Management System (CMS). Specifically, we focus on the (in)security of the Open Charge Point Protocol (OCPP) backend communication with the EVCS. We verified the prevalence of such security weaknesses by discovering 6 zero-day vulnerabilities in each of the 16 representative live EV charging management systems. Our findings highlight the insecurity of the OCPP backend, which is widely deployed on existing EVCSs in the wild. Indeed, we discuss various attack scenarios that lead to man-in-the-middle, denial of service, firmware theft, and data poisoning, to name a few. We also leverage the developed testbed to demonstrate the feasibility of launching switching attacks against the power grid using compromised EVCSs. Finally, we contribute to the security of the EV charging ecosystem by also recommending countermeasures to mitigate/prevent future cyber-attacks.