Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform. Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging …

  2. Pascal Monett Silver badge

    "messages sent on the Controller Area Network"

    And here I go again.

    Sorry to grind the same organ again, but since when has it been a good idea to mix the network controlling the car with the network accessing the outside?

    Answer: never. But the beancounters argue for economy of scale.

    Fuck them.

    Beancounters are the bane of security and common sense.

    1. DrXym Silver badge

      Re: "messages sent on the Controller Area Network"

      In this case it doesn't sound as if they are. An electric car and the charger communicate over the connection cable. It's basically a variant of HomePlug Powerline with a transport that rides over the current. When you plug the cable in, they'll handshake to say who each of them is, what charge formats they are, enable / disable charging, status etc.


      Presumably one or both ends of this connection aren't very good so they can be spoofed, e.g. altering data or replaying it. But to exploit the hack you'd have to perform a man-in-the-middle - basically your own extension cable which pretended to be the charger on one side and the car on the other and falsified the data. It's probably very specific to the vehicle and charger too, even the firmware version. So is it a class exploit? Probably not.


      There are probably other hacks that can occur from the outside. We know that some cars come with apps that allow you to control aspects of the car - air temperature, and such like. So it might be possible to cook someone's dog / baby, or lock the occupant out of the car, or pop the boot, or disengage the handbrake. But those would be different kinds of attack.

