Reply to post: Re: "messages sent on the Controller Area Network"

Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack

DrXym Silver badge

Re: "messages sent on the Controller Area Network"

In this case it doesn't sound as if they are. An electric car and the charger communicate over the connection cable. It's basically a variant of HomePlug Powerline with a transport that rides over the current. When you plug the cable in, they'll handshake to say who each of them is, what charge formats they are, enable / disable charging, status etc.

<p>

Presumably one or both ends of this connection aren't very good so they can be spoofed, e.g. altering data or replaying it. But to exploit the hack you'd have to perform a man-in-the-middle - basically your own extension cable which pretended to be the charger on one side and the car on the other and falsified the data. It's probably very specific to the vehicle and charger too, even the firmware version. So is it a class exploit? Probably not.

<p>

There are probably other hacks that can occur from the outside. We know that some cars come with apps that allow you to control aspects of the car - air temperature, and such like. So it might be possible to cook someone's dog / baby, or lock the occupant out of the car, or pop the boot, or disengage the handbrake. But those would be different kinds of attack.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021