One Modem to Brick Them All: Exploiting Vulnerabilities in the EV Charging Communication

Presented at DEF CON 33 (2025), Aug. 9, 2025, 10:30 a.m. (45 minutes).

In this talk we present a collection of attacks against the most widely used EV charging protocol, exploiting flaws in the underlying power-line communication technologies that affect almost all EVs and chargers. Specifically, we target the QCA 7000 HomePlug modem series, used by the two most popular EV charging systems, CCS and NACS. We demonstrate multiple new vulnerabilities in the modems, enabling persistent denial of service. To better understand the scope of these issues, we conduct a study of EV chargers and vehicles, and show widespread insecurities in existing deployments. We show a variety of practical real-world scenarios where the HomePlug link can be used to hijack EV charging communications, even at a distance. Finally, we present results from reverse engineering the firmware and how we can gain code execution.

References:

  • Marcell Szakály, Sebastian Köhler, and Ivan Martinovic, "Short: PIBuster: Exploiting a Common Misconfiguration in CCS EV Chargers", at 3rd USENIX Symposium on Vehicle Security and Privacy (VehicleSec '25).
  • Marcell Szakály, Sebastian Köhler, and Ivan Martinovic, "Current Affairs: A Security Measurement Study of CCS EV Charging Deployment", at 34th USENIX Security Symposium, 2025.
  • Sebastian Köhler, Richard Baker, Martin Strohmeier, and Ivan Martinovic, "Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging", at Network and Distributed System Security (NDSS) Symposium, 2023.
  • Richard Baker and Ivan Martinovic, "Losing the car keys: Wireless PHY-Layer insecurity in EV charging", at 28th USENIX Security Symposium (USENIX Security 19), pp. 407-424, 2019.
  • Sébastien Dudek, Jean-Christophe Delaunay, and Vincent Fargues, "V2G Injector: Whispering to cars and charging units through the Power-Line", in Proceedings of the SSTIC (Symposium sur la sécurité des technologies de l’information et des communications), Rennes, France, 2019.

Presenters:

  • Marcell Szakály
    Marcell Szakály is a PhD student in the Systems Security Lab at the University of Oxford. His research focuses on the security of the EV charging infrastructure. He received his master's degree in Physics, and worked on superconducting magnet design. His work now involves RF hardware, SDRs, and digital electronics.
  • Jan "SP3ZN45" Berens
    Jan Berens, aka SP3ZN45, has been a goon in the QM department for several years now and works full time as a red teamer at alpitronic SLR, the leading manufacturer of DC chargers in Europe. His background is security consulting and penetration testing for critical infrastructures and industrial installations in Europe. He mostly does non-publicly disclosed security research and mentors beginners in the security domain.
  • Sebastian Köhler
    Previous speaker at CarHackingVillage 2023: "Redeploying the Same Vulnerabilities: Exploiting Wireless Side-Channels in Electric Vehicle Charging Protocols".
