Tony Nasr (Concordia University), Sadegh Torabi (George Mason University), Elias Bou-Harb (University of Texas at San Antonio), Claude Fachkha (University of Dubai), Chadi Assi (Concordia University)

Electric Vehicle Charging Management Systems (EVCMS) are a collection of specialized software that allow users to remotely operate Electric Vehicle Charging Stations (EVCS). With the increasing number of deployed EVCS to support the growing global EV fleet, the number of EVCMS are consequently growing, which introduces a new attack surface. In this paper, we propose a novel multi-stage framework, ChargePrint, to discover Internet-connected EVCMS and investigate their security posture. ChargePrint leverages identifiers extracted from a small seed of EVCMS to extend the capabilities of device search engines through iterative fingerprinting and a combination of classification and clustering approaches. Using initial seeds from 1,800 discovered hosts that deployed 9 distinct EVCMS, we identified 27,439 online EVCS instrumented by 44 unique EVCMS. Consequently, our in-depth security analysis highlights the insecurity of the deployed EVCMS by uncovering 120 0-day vulnerabilities, which shed light on the feasibility of cyber attacks against the EVCS, its users, and the connected power grid. Finally, while we recommend countermeasures to mitigate future threats, we contribute to the security of the EVCS ecosystem by conducting a Coordinated Vulnerability Disclosure (CVD) effort with system developers/vendors who acknowledged and assigned the discovered vulnerabilities more than 20 CVE-IDs.

View More Papers

A Case Study on Fuzzing Satellite Firmware

Tobias Scharnowski and Felix Buchmann (Ruhr-Universitat Bochum), Simon Woerner and Thorsten Holz (CISPA Helmholtz Center for Information Security) Presenter: Tobias Scharnowski

Read More

Cyber Threat Intelligence for SOC Analysts

Nidhi Rastogi, Md Tanvirul Alam (Rochester Institute of Technology)

Read More

Private Certifier Intersection

Bishakh Chandra Ghosh (Indian Institute of Technology Kharagpur), Sikhar Patranabis (IBM Research - India), Dhinakaran Vinayagamurthy (IBM Research - India), Venkatraman Ramakrishna (IBM Research - India), Krishnasuri Narayanam (IBM Research - India), Sandip Chakraborty (Indian Institute of Technology Kharagpur)

Read More

Privacy-Preserving Database Fingerprinting

Tianxi Ji (Texas Tech University), Erman Ayday (Case Western Reserve University), Emre Yilmaz (University of Houston-Downtown), Ming Li (CSE Department The University of Texas at Arlington), Pan Li (Case Western Reserve University)

Read More