Sebastian Köhler (University of Oxford)

Brokenwire is a novel attack against the Combined Charging System, one of the most widely used DC rapid charging technologies for electric vehicles (EVs). It interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack requires only temporary physical proximity and can be conducted wirelessly from a distance, allowing individual vehicles or entire fleets to be disrupted stealthily and simultaneously. In addition, it can be mounted with off-the-shelf radio hardware and minimal technical knowledge. By exploiting CSMA/CA behavior, only a very weak signal needs to be induced into the victim to disrupt communication — exceeding the effectiveness of broadband noise jamming by three orders of magnitude. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it.

In this session, we will present how we studied the attack in a controlled environment on a testbed and then demonstrated it against eight vehicles and 20 chargers in real deployments. We further show how we evaluated the attack in different scenarios, including between the floors of a building (e.g., multi-story parking), through perimeter fences, and from ‘drive-by’ attacks. Finally, we present our heuristic model that we used to estimate the number of vehicles that can be attacked simultaneously for a given output power.

Brokenwire has immediate implications for a substantial proportion of the around 12 million battery EVs on the roads worldwide — and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and crucial public services, as well as electric buses, trucks and small ships. As such, we conducted a disclosure to the industry and discussed a range of mitigation techniques that could be deployed to limit the impact.

Speaker’s Biography

Sebastian Köhler is a doctoral researcher in the Centre for Doctoral Training in Cyber Security at the University of Oxford and part of the Systems Security Lab, focusing on the security of the physical-layer of large and complex systems, such as vision-based intelligent and automotive systems. He started specializing on Cyber Security during his undergraduate studies at the University of Applied Sciences Wurzburg-Schweinfurt, Germany. After his BSc, he received an MSc in Computing & Security and got awarded a prize for the best overall performance from King’s College London.

View More Papers

Parakeet: Practical Key Transparency for End-to-End Encrypted Messaging

Harjasleen Malvai (UIUC/IC3), Lefteris Kokoris-Kogias (IST Austria), Alberto Sonnino (Mysten Labs), Esha Ghosh (Microsoft Research), Ercan Oztürk (Meta), Kevin Lewi (Meta), Sean Lawlor (Meta)

Read More

Real Threshold ECDSA

Harry W. H. Wong (The Chinese University of Hong Kong), Jack P. K. Ma (The Chinese University of Hong Kong), Hoover H. F. Yin (The Chinese University of Hong Kong), Sherman S. M. Chow (The Chinese University of Hong Kong)

Read More

Improving In-vehicle Networks Intrusion Detection Using On-Device Transfer Learning

Sampath Rajapaksha (Robert Gordon University), Harsha Kalutarage (Robert Gordon University), M.Omar Al-Kadri (Birmingham City University), Andrei Petrovski (Robert Gordon University), Garikayi Madzudzo (Horiba Mira Ltd)

Read More

Access Your Tesla without Your Awareness: Compromising Keyless Entry...

Xinyi Xie (Shanghai Fudan Microelectronics Group Co., Ltd.), Kun Jiang (Shanghai Fudan Microelectronics Group Co., Ltd.), Rui Dai (Shanghai Fudan Microelectronics Group Co., Ltd.), Jun Lu (Shanghai Fudan Microelectronics Group Co., Ltd.), Lihui Wang (Shanghai Fudan Microelectronics Group Co., Ltd.), Qing Li (State Key Laboratory of ASIC & System, Fudan University), Jun Yu (State Key…

Read More