Tony Nasr (Concordia University), Sadegh Torabi (George Mason University), Elias Bou-Harb (University of Texas at San Antonio), Claude Fachkha (University of Dubai), Chadi Assi (Concordia University)

Electric Vehicle Charging Management Systems (EVCMS) are a collection of specialized software that allow users to remotely operate Electric Vehicle Charging Stations (EVCS). With the increasing number of deployed EVCS to support the growing global EV fleet, the number of EVCMS are consequently growing, which introduces a new attack surface. In this paper, we propose a novel multi-stage framework, ChargePrint, to discover Internet-connected EVCMS and investigate their security posture. ChargePrint leverages identifiers extracted from a small seed of EVCMS to extend the capabilities of device search engines through iterative fingerprinting and a combination of classification and clustering approaches. Using initial seeds from 1,800 discovered hosts that deployed 9 distinct EVCMS, we identified 27,439 online EVCS instrumented by 44 unique EVCMS. Consequently, our in-depth security analysis highlights the insecurity of the deployed EVCMS by uncovering 120 0-day vulnerabilities, which shed light on the feasibility of cyber attacks against the EVCS, its users, and the connected power grid. Finally, while we recommend countermeasures to mitigate future threats, we contribute to the security of the EVCS ecosystem by conducting a Coordinated Vulnerability Disclosure (CVD) effort with system developers/vendors who acknowledged and assigned the discovered vulnerabilities more than 20 CVE-IDs.

View More Papers

Automata-Based Automated Detection of State Machine Bugs in Protocol...

Paul Fiterau-Brostean (Uppsala University, Sweden), Bengt Jonsson (Uppsala University, Sweden), Konstantinos Sagonas (Uppsala University, Sweden and National Technical University of Athens, Greece), Fredrik Tåquist (Uppsala University, Sweden)

Read More

Kids, Cats, and Control: Designing Privacy and Security Dashboard...

Jacob Abbott (Indiana University), Jayati Dev (Indiana University), DongInn Kim (Indiana University), Shakthidhar Reddy Gopavaram (Indiana University), Meera Iyer (Indiana University), Shivani Sadam (Indiana University) , Shirang Mare (Western Washington University), Tatiana Ringenberg (Purdue University), Vafa Andalibi (Indiana University), and L. Jean Camp(Indiana University)

Read More

Are some prices more equal than others? Evaluating store-based...

Hugo Jonker (Open University Netherlands), Stefan Karsch (TH Koln), Benjamin Krumnow (TH Koln), Godfried Meesters (Open University Netherlands)

Read More

WIP: Towards the Practicality of the Adversarial Attack on...

Chen Ma (Xi'an Jiaotong University), Ningfei Wang (University of California, Irvine), Qi Alfred Chen (University of California, Irvine), Chao Shen (Xi'an Jiaotong University)

Read More