X-in-the-Middle: Attacking Fast Charging Piles and Electric Vehicles

Presented at Black Hat Asia 2021 Virtual, May 6, 2021, 2:20 p.m. (40 minutes)

Electric vehicles represented by Tesla are changing the way people travel. How to safely and quickly charge electric vehicles is a problem that manufacturers of electric vehicles and charging piles need to solve.

We conducted an in-depth analysis of the security of the DC fast charging communication protocol and found many interesting findings. This talk will mainly be divided into three parts. First, we will introduce the current global mainstream fast charging standards and communication protocols. Next, we will share how to build an X-in-the-Middle attack environment. We have written a security test tool called "XCharger", and it can be used to capture, modify, replay, and fuzz the data packets in the communication process. Finally, we will share how to use our tools to analyze the private charging pile agreement of a well-known electric vehicle manufacturer, and to exploit the protocol vulnerability of DC fast charging pile to achieve free charging, and to change the charging voltage and current limits.


  • YuXiang Li - Senior Security Researcher, Tencent Blade Team   as Yuxiang Li
    Yuxiang Li is a senior security researcher at the Tencent Blade Team and specializes in the study of mobile security, IoT security, and browser security. He has reported multiple vulnerabilities in Android and Chrome and has received acknowledgments from many companies such as Google. He has spoken at Black Hat USA, DEF CON and HITB AMS.
  • Wu HuiYu - Senior Security Researcher, Tencent Blade Team
    Wu HuiYu is a senior security researcher of Tencent Blade Team. Now his job is mainly focusing on AIoT security research. He is also a bug hunter, winner of GeekPwn 2015 & 2020, and speaker of Black Hat USA, DEFCON, HITB and POC.


Similar Presentations: