Tencent research team scores free powerups for electric cars with Raspberry Pi-powered X-in-the-middle attack
2021-05-11 04:04

Chinese web giant Tencent's Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations.

Their exploits also changed the charging voltage and current, an act that could damage the EV. "The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure," said Tencent Blade Team senior security researcher Wu HuiYu.

HuiYu and fellow Tencent Blader, Li YuXiang, tried out the attack on five rented electric cars of different models through a security test tool called "XCharger" that captures, modifies, replays and fuzzes the data packets in the communication process between the charging pile and the electric vehicle.

The XCharger uses a Raspberry Pi or STM32 microcontroller and is inserted between the charging pile and electric vehicle.

To hack into these systems, the Tencent team used CANtools, software that allows observation and interpretation of messages sent on the Controller Area Network used to connect devices in cars.

It can connect to a simple attacker interface like Telegram and can be installed inside a Raspberry Pi to exploit vehicles and control certain functions.


News URL

https://go.theregister.com/feed/www.theregister.com/2021/05/11/black_hat_asia_car_hacking/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Tencent 19 0 14 5 1 20