Black Hat Asia Researchers have used the Black Hat Asia conference to demonstrate the awesome power of the Raspberry Pi as a car-p0wning platform.
Chinese web giant Tencent’s Blade Team, a security research group, showed they could circumvent payment schemes used at electric vehicle charging stations. Their exploits also changed the charging voltage and current, an act that could damage the EV.
“The construction of charging stations is accelerating all over the world, but there is little research on the security of electric vehicle infrastructure,” said TenCent Blade Team senior security researcher Wu HuiYu.
HuiYu and fellow TenCent Blader, Li YuXiang, tried out the attack on five rented electric cars of different models through a security test tool called “XCharger” that captures, modifies, replays and fuzzes the data packets in the communication process between the charging pile and the electric vehicle. The XCharger uses a Raspberry Pi or STM 32 microcontroller and is inserted between the charging pile and electric vehicle.
Charging stations have largely moved toward automating payments. While some vehicle companies use their own authentication and communication protocols, others rely on the VIN number which is insecure because it is visible in plaintext – literally – through a vehicle’s windshield.
To hack into these systems, the Tencent team used CANtools, software that allows observation and interpretation of messages sent on the Controller Area Network (CAN bus) used to connect devices in cars. CANtools allowed the researchers could translate messages created while charging, and from there alter messages, bypass authentication and avoid charges for charging.
The TenCent Blade team notified the vendors and the vulnerabilities have been addressed.
In another presentation, Indian security consultancy Amynasec Labs intern and mechanical engineering student Kartheek Lade cracked a car and controlled it via the internet using messages sent over the Telegram messaging service.
Lade’s software tool CANalyse analyses log files to find unique data sets. It can connect to a simple attacker interface like Telegram and can be installed inside a Raspberry Pi to exploit vehicles and control certain functions.
Lade demoed an attack in which he controlled some of a vehicle’s functions with Telegram messages. The researcher said he could “brick” the car with commands sent in this way. He also warned others not to try his exploits without the necessary permission. ®