CVE-2022-0878 : Security Advisory and Response
Learn about CVE-2022-0878, a novel attack targeting Combined Charging System in electric vehicles, causing denial of service and requiring immediate mitigation measures.
A novel attack against the Combined Charging System (CCS) in electric vehicles has been identified, posing a serious threat to the charging infrastructure. The attack can remotely cause a denial of service, affecting charging sessions and disrupting electric vehicles, ships, airplanes, and heavy-duty vehicles that utilize the CCS and HomePlug GreenPHY technology.
Understanding CVE-2022-0878
Electric vehicles commonly use the CCS for rapid charging, relying on HomePlug GreenPHY for critical communication. The attack targets this communication link, leading to charging session interruptions by exploiting a vulnerability in the HPGP standard.
What is CVE-2022-0878?
The attack disrupts control communication between the vehicle and charger, causing charging sessions to abort. It can be executed wirelessly with minimal technical knowledge, affecting individual vehicles or entire fleets simultaneously.
The Impact of CVE-2022-0878
With a power budget of 1W, the attack can be successful from a distance of approximately 47 meters. This vulnerability affects all known implementations of the HomePlug GreenPHY, DIN 70121, and ISO 15118 standards, extending its impact beyond electric cars to other vehicles using these standards.
Technical Details of CVE-2022-0878
The vulnerability is classified with a CVSSv3.1 base score of 4.6 (Medium severity) due to its low attack complexity, physical attack vector, and high availability impact. No user interaction or privileges are required to exploit the vulnerability.
Vulnerability Description
The attack leverages electromagnetic interference to disrupt the communication link, exploiting a required behavior of the HomePlug GreenPHY standard.
Affected Systems and Versions
CCS versions up to 2.0 and HomePlug GreenPHY versions up to 1.1 are vulnerable to this attack.
Exploitation Mechanism
The attack can be conducted wirelessly with off-the-shelf radio hardware, allowing for disruption of charging sessions from a considerable distance.
Mitigation and Prevention
Effective mitigation strategies are crucial to safeguard charging infrastructure and prevent service disruptions.
Immediate Steps to Take
Using stronger shielded cables and enhancing physical security measures can reduce the viability of this attack. Avoiding charging on DC rapid chargers is currently the only way to prevent exploitation.
Long-Term Security Practices
Implementing robust authentication mechanisms and enhancing security protocols for communication links can help mitigate future attacks.
Patching and Updates
Regularly updating software and firmware components related to the CCS and HomePlug GreenPHY systems is essential to address known vulnerabilities and enhance overall system security.