About the vulnerability
The vulnerabilities were found by experts working for SaiFlow, a company based in Israel that specializes in defending EV charging infrastructure and distributed energy resources.
The security loopholes are linked to the communications between the charging system management service (CSMS) and the EV charge point (CP), especially using the Open Charge Port Protocol (OCPP). The loopholes are believed to affect the CSMS offered by various vendors.
The issue is associated with the use of WebSocket communications by the OCPP and how it handles multiple connections poorly. The protocol lacks knowledge about handling more than one CP connection at a time and threat actors can abuse this by opening a new connection to the CSMS. Another problem is related to what SaiFlow explains as a “weak OCPP authentication and chargers identities policy.”
How does a hacker exploit the vulnerability?
By opening a new connection to the CSMS on behalf of a charge point, the threat actor can impact the original connection to be shut down or become non-functional.
As per SailFlow, a threat actor can misuse the loopholes to deploy a distributed denial of service (DDoS) attack that destroys the electric vehicle supply equipment (EVSE) network.
Besides this, if a threat actor can connect to CSMS, they may be able to get drive
[…]
Content was cut in order to protect the source.Please visit the source for the rest of the article.
Read the original article: