Electric Vehicle DC charging tripped by a wireless hack Researchers from the University of Oxford published details of a vulnerability in the Combined Charging System that has the potential to abort charging. The Combined Charging System (CCS) is one of the plethora of standards in the EV charging world, and allows DC fast charging. Different plug types are used for the US and EU …
Yet another case of cheap & cheerful implementation...
I'm no RF engineer, but I'm sure there must be ways to shield the cable in a way that war-driving kids can't wreak havoc, and that a nearby lightning strike doesn't trigger the car's self-destruction procedure (I'm sure there is one somewhere in there).
I think the issue is that that data link is a low voltage AC on top of the DC power cable. Either the original connector standard didn't include data and this was a bodge or they were trying to save on pins/use standard industrial cable.
It's difficult to RF shield the thick DC power cable while keeping it flexible, and would mean you would need special expensive cable.
Point taken, but I'm pretty sure those are not cheap throwaway cables, so why can't they afford to add a coax for the data transmission? Just because the added cost of a couple cents per cable?
Obviously it's even cheaper to say "we take the security of our customers very seriously (now get out of my hair)" when something happens...
Embedding a data connection into a charging connector like that is very difficult from a design point of view, especially one that has to last thousands of mating cycles carried out by the uncaring public and be reliable. You'd have to have pins equally chunky for the data, for it to last.
Home Plug via the power pins really is about the best possible way. Though I don't suppose it's going to please radio hams or astronomers.
To be honest, if I was trying to irritate EV drivers then i'd be inclined to just cut the cable with a pair of bolt cutters; something which may become quite popular if EV drivers have cables running across footpaths like tripwires as some people have suggested might happen.
If it's crossing a footpath then it's going to be from a residential supply and so either 240v or 415v, more likely the former than the latter if the tripwire is running from a Victorian era terrace house across the footpath to the EV.
240v at 10A probably wouldn't even give a shock to the kids with the boltcutter with it's insulated handles, and definitely not if they were wearing insulated gloves. And even if it did; who doesn't know a sparky who hasn't had a shock bigger than that?
i'd be inclined to just cut the cable with a pair of bolt cutters
I was thinking some kind of pivoted contraption which allows a battery powered circular saw to bear down on the cable would allow oneself to be well away from the sparks when they fly.
Just slicing the outer sheathing of the cable and stripping a length bare is probably enough to merit a costly replacement.
Or tie a tow rope around it and drive off.
The one with "The Little Book of Calm" in the pocket
> The one with "The Little Book of Calm" in the pocket
Hmm, I don't have that one. I have "TANKS!" by Dennis de Groot, and "The History of Screaming" by Rachel Stewart. Are either of those what you're looking for? Maybe you've swallowed The Little Book of Calm?
"and that a nearby lightning strike doesn't trigger the car's self-destruction procedure (I'm sure there is one somewhere in there)."
You're not wrong. For the high voltage batteries that I'm familiar with, the pack has pyrotechnic devices that will sever the HV lines in the event of a severe crash. Sure, it has redundant sets of high-current contactors, but those can fail short under extreme conditions.
I haven't gotten to try it out yet, but I'm looking forward to the day my boss lets me give a pack that particular command!
> the pack has pyrotechnic devices that will sever the HV lines in the event of a severe crash
Nah, I was thinking more along the lines of the compulsory big red "self destruction" button planted easily accessible in plain sight (because it's an often needed and regularly used feature after all - Most SciFi movies make use of it at some point).
I can't imagine modern cars won't eventually have them, after all they slowly accumulate all the useless and/or annoying ideas any sick mind can sire.
Without having ever charged an EV i don't know, can you not simply unplug the power cable mid charge to stop it charging up or is it locked into place until the charge is completed?
As if you can simply pull it out mid charging, i suspect there are way more people going to do if they wanted to cause inconvenience to the owner of an unattended EVs on charging than rig up a modem, software and antenna to do wireless hack to interrupt the charging process.
At least with the standard here in the former colonies, the car locks the connector for home level 1/2 chargers but you can unplug the biggest fast chargers.
Whether this was a safety feature to unplug a smoking car or so parking lot owners can tow somebody overstaying, or just an oversight on the plug design
PS there are a couple of sense pins so it can kill the current quickly when you disconnect
The cables lock in place when the charging starts. On my car (VW ID4) you need to click the keyfob to unlock the car to release it, even if the car is unlocked already.
Similar happens at the other end if you are using a cable to connect to a lower output public charger, such as those outside supermarkets.
Typically you don't need to stay with the car while charging, you have an app on your phone so you can see the status. Therefore you want to make sure that someone else cannot stop your charging by unplugging you, or steal your cable.
Given the every increasing amount of technical gizmos that are incorporated within a vehicle now something like this is no surprise. What is interesting is that it is affected by such a low power.
Keyless entry is bad enough but all the Apps connecting things to phones for unlocking, remote start and so baffle me.
Keyless can be a convenience but just zapping a button on the keyfob is just has easy. As far as connectivity to a phone, I just fail to see the advantage. It is simply something that can be done and in this age, if something does not have an App, it appears to be considered "Old".
I suppose if you lose your car your could "remote wipe" it or maybe if self-driving is ever mad to work, press a button on your phone and the car comes to your location.
Now the only time I have experience of losing a car is when my wife took the kids swimming and parked in an empty carpark. When they returned the carpark was now quite full and they had not the foggiest idea which row the car was in. Panic phone call to me as if I could somehow locate the car from 10 miles away. All I could confirm was that it wasn't on the driveway, and yes she had taken the blue one......
You've obviously never been in a car with my wife! She has this strange inability to park in an empty car park, seemingly paralysed by the number of choices. If there are one or two cars in there, she will park next to them to the extent you can't open the door because you're that damned close!
So far it seems Tesla software security is pretty good (unlike their ability to detect tunnels painted on walls)
Probably cos Tesla is staffed by silicon valley type programmers rather than traditional automotive eng types = why would my car's internal canbus need security ?
They used an unshielded cable to transmit RF between devices (which must therefore be broadcasting crap all over the place) and didn't protect the same devices from any outside interference?. Presumably this is down to cost and a co-ax along with the welding cables was too much?
It's a wonder these chargers are able to work alongside each other at all...
It's not RF (well not deliberately) - RF would work! Doing bluetooth or zigbee or similar to a charger 1m away with all the authentication and error correction and channel management built into the radio protocol would be good.
Instead the electrical engineers started with power and voltage specs, and connectors that were different for all the makers, and nobody thought about data - why does a power plug need data ?
The home standards came up with a simple bodge with an extra 1Khz low voltage signal on top of the charge and it just detects, connected, can take more current, I'm full.
The commercial ones somebody realised that they might want to charge money as well as batteries. They invented a big fancy standard, which was in xml (because it was a big fancy standard) but everybody already had the expensive wires and connectors in place. So they bodged a low voltage modem signal on top of the DC. It at least has some data verification, which is why this attack works, if you add enough noise to scramble the data it shuts off rather than self destructs.
"The commercial ones somebody realised that they might want to charge money as well as batteries. They invented a big fancy standard, which was in xml (because it was a big fancy standard) but everybody already had the expensive wires and connectors in place."
XML !
So the next attack will be getting your car charged at the expense of the car next to you.
Thanks YAAC, the report itself is also interesting and contains this nugget, so yes they mitigated it rather than prevented it:-
"It is possible that a vehicle would begin communicating, not with the charger that it is physically con-nnected to, but with a nearby charger that happened to respond first, but is actually communicating via leaked signals. "
Operating between 2 and 28MHz I call that RF:-
"In brief, HPGP uses an Orthogonal Frequency-Division Multiplexing (OFDM) physical-layer operating in the 2 – 28 MHz band and modulating data onto (typically) 917 un-masked subcarriers spaced 24.414 kHz apart. The technology provides a set of communication modes that trade throughput vs. reliability with maximum speeds of 3.77, 4.92 (default), and 9.84 Mbps."
"They used an unshielded cable to transmit RF between devices (which must therefore be broadcasting crap all over the place) and didn't protect the same devices from any outside interference?"
Aren't there regulations for RF interference from/to device too? ie, they should not produce (too much) RF interference and also be able to ignore outside RF interference/ This sounds like it might be a major regulatory fail.
The wording you're referring to is:
(1) this device may not cause harmful interference, and (2) this device must accept any interference received, including interference that may cause undesired operation.
Which means that the interference mustn't damage the device, but stopping the charging is perfectly allowable. Also, it can produce interference as long as that interference isn't considered harmful (ie not microwaves that could cook people passing by)
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
