Quick Takeaways
-
Exploit Simplicity: A security researcher compromised an EV charger using a simple NFC card swipe, highlighting vulnerabilities in automotive systems at the Pwn2Own competition.
-
Rising Vulnerabilities: The contest revealed 66 unique zero-day vulnerabilities, underscoring the persistent security issues in automotive IT and operational-technology components, particularly in infotainment systems and EV chargers.
-
Lack of Security: Infotainment systems remain easy targets due to unpatched bugs and inadequate security measures, while EV chargers, despite some improvements, still have significant attack surfaces.
-
Complex Attack Surface: Researchers exploited various entry points, including charging guns and built-in maintenance functionalities, illustrating the increased risks associated with electrifying vehicle infrastructure.
New Vulnerabilities Uncovered at Pwn2Own
Researchers recently exposed significant vulnerabilities in vehicle systems at the annual Pwn2Own competition in Tokyo. They demonstrated how a simple swipe of an NFC card near an electric vehicle charger could exploit its automotive system. This incident highlights the ongoing security issues plaguing both IT and operational-technology components in vehicles. During the first two days of the event, participants uncovered 66 unique zero-day vulnerabilities, achieving a success rate of five out of six attempts. However, they also noted that around a third of the attempts experienced complications due to overlaps with previously used exploits.
The majority of attacks focused on aftermarket infotainment systems and EV chargers. Even though EV chargers had improved security, they still presented a vast attack surface. Researchers exploited vulnerabilities not only through NFC but also via Bluetooth connections and even the charging gun itself. This raises critical concerns about the safety of electric vehicles. Experts warn that if a system can be compromised, it inevitably will be, potentially endangering the vehicle’s functionality.
Innovative Exploits Target EV Infrastructure
The competition also unveiled lesser-known methods of infiltrating electric vehicle systems. One such exploit involved using the signals transmitted through charging equipment. In one notable demonstration, researchers compromised a fast charger, revealing unexpected communication channels between vehicles and chargers. Although electric vehicle sales remain modest in the U.S., they represent a growing segment globally. This shift toward electrification increases the risk associated with connected infrastructure, as it remains vulnerable to attacks.
Experts believe that while car manufacturers focus on adopting software-defined designs for better maintenance, these designs increase the potential for exploitation. Even traditional fuel systems have vulnerabilities, but the interlinked nature of EV infrastructure poses even greater risks. As the industry moves quickly toward electrification, it faces challenges in establishing resilient security measures across an expanding network of connected devices.
Expand Your Tech Knowledge
Stay informed on the revolutionary breakthroughs in Quantum Computing research.
Explore past and present digital transformations on the Internet Archive.
CyberRisk-V1
