DCeption: Real-world Wireless Man-in-the-Middle Attacks Against CCS EV Charging
- URL: http://arxiv.org/abs/2601.15515v1
- Date: Wed, 21 Jan 2026 22:59:49 GMT
- Authors: Marcell Szakály, Martin Strohmeier, Ivan Martinovic, Sebastian Köhler
- Abstract summary: We present the first real-time Software-Defined Radio (SDR) implementation of HomePlug Green PHY (HPGP). We analyze the characteristics of 2,750 real-world charging sessions to understand the timing constraints for hijacking. We propose a backwards-compatible, downgrade-proof protocol extension to mitigate the underlying vulnerabilities.
- License: http://arxiv.org/licenses/nonexclusive-distrib/1.0/
- Abstract: The adoption of Electric Vehicles (EVs) is happening at a rapid pace. To ensure fast and safe charging, complex communication is required between the vehicle and the charging station. In the globally used Combined Charging System (CCS), this communication is carried over the HomePlug Green PHY (HPGP) physical layer. However, HPGP is known to suffer from wireless leakage, which may expose this data link to nearby attackers. In this paper, we examine active wireless attacks against CCS, and study the impact they can have. We present the first real-time Software-Defined Radio (SDR) implementation of HPGP, granting unprecedented access to the communications within the charging cables. We analyze the characteristics of 2,750 real-world charging sessions to understand the timing constraints for hijacking. Using novel techniques to increase the attacks' reliability, we design a robust wireless Man-in-the-Middle evaluation framework for CCS. We demonstrate full control over TLS usage and CCS protocol version negotiation, including TLS stripping attacks. We investigate how real devices respond to safety-critical MitM attacks, which modify power delivery information, and find target vehicles to be highly permissive. First, we caused a vehicle to display charging power exceeding 900 kW on the dashboard, while receiving only 40 kW. Second, we remotely overcharged a vehicle, at twice the requested current for 17 seconds before the vehicle triggered the emergency shutdown. Finally, we propose a backwards-compatible, downgrade-proof protocol extension to mitigate the underlying vulnerabilities.
Related papers
- Security Analysis of LTE Connectivity in Connected Cars: A Case Study of Tesla [4.785568481453944]
We conduct a black-box, non-invasive security analysis of LTE connectivity in Tesla vehicles, including the Model 3 and Cybertruck. We find that Tesla's telematics stack is susceptible to IMSI catching, rogue base station hijacking, and insecure fallback mechanisms that may silently degrade service availability.
arXiv Detail & Related papers (2025-10-24T21:03:48Z)
- Physical-Layer Signal Injection Attacks on EV Charging Ports: Bypassing Authentication via Electrical-Level Exploits [3.6297580775927933]
We investigate the security of major charging protocols such as SAE J1772, CCS, IEC 61851, GB/T 20234, and NACS. By inserting a compact malicious device into the charger connector, attackers can inject fraudulent signals to sabotage the charging process. We propose PORTulator, a proof-of-concept (PoC) attack hardware, including a charger gun plugin device for injecting physical signals and a wireless controller for remote manipulation.
arXiv Detail & Related papers (2025-06-19T15:31:29Z)
- Profiling Electric Vehicles via Early Charging Voltage Patterns [56.4040698609393]
Electric Vehicles (EVs) are rapidly gaining adoption as a sustainable alternative to fuel-powered vehicles. Recent results showed that attackers may steal energy through tailored relay attacks. One countermeasure is leveraging the EV's fingerprint on the current exchanged during charging.
arXiv Detail & Related papers (2025-06-09T12:57:37Z)
- DynamiQS: Quantum Secure Authentication for Dynamic Charging of Electric Vehicles [61.394095512765304]
Dynamic Wireless Power Transfer (DWPT) is a novel technology that allows charging an electric vehicle while driving.
Recent advancements in quantum computing jeopardize classical public key cryptography.
We propose DynamiQS, the first post-quantum secure authentication protocol for dynamic wireless charging.
arXiv Detail & Related papers (2023-12-20T09:40:45Z)
- Charge Manipulation Attacks Against Smart Electric Vehicle Charging Stations and Deep Learning-based Detection Mechanisms [49.37592437398933]
"Smart" electric vehicle charging stations (EVCSs) will be a key step toward achieving green transportation.
We investigate charge manipulation attacks (CMAs) against EV charging, in which an attacker manipulates the information exchanged during smart charging operations.
We propose an unsupervised deep learning-based mechanism to detect CMAs by monitoring the parameters involved in EV charging.
arXiv Detail & Related papers (2023-10-18T18:38:59Z)
- Reinforcement Learning based Cyberattack Model for Adaptive Traffic Signal Controller in Connected Transportation Systems [61.39400591328625]
In a connected transportation system, adaptive traffic signal controllers (ATSC) utilize real-time vehicle trajectory data received from vehicles to regulate green time.
This wirelessly connected ATSC increases cyber-attack surfaces and increases their vulnerability to various cyber-attack modes.
One such mode is a 'sybil' attack in which an attacker creates fake vehicles in the network.
An RL agent is trained to learn an optimal rate of sybil vehicle injection to create congestion for an approach(s)
arXiv Detail & Related papers (2022-10-31T20:12:17Z)
- COOPERNAUT: End-to-End Driving with Cooperative Perception for Networked Vehicles [54.61668577827041]
We introduce COOPERNAUT, an end-to-end learning model that uses cross-vehicle perception for vision-based cooperative driving.
Our experiments on AutoCastSim suggest that our cooperative perception driving models lead to a 40% improvement in average success rate.
arXiv Detail & Related papers (2022-05-04T17:55:12Z)
- Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging [16.527929607417178]
We present a novel attack against the Combined Charging System, one of the most widely used DC rapid charging technologies for electric vehicles (EVs).
Our attack, Brokenwire, interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort.
We find the attack to be successful in the real world, at ranges up to 47 m, for a power budget of less than 1 W.
arXiv Detail & Related papers (2022-02-04T12:38:35Z)
- Mind the GAP: Security & Privacy Risks of Contact Tracing Apps [75.7995398006171]
Google and Apple have jointly provided an API for exposure notification in order to implement decentralized contact tracing apps using Bluetooth Low Energy.
We demonstrate that in real-world scenarios the GAP design is vulnerable to (i) profiling and possibly de-anonymizing persons, and (ii) relay-based wormhole attacks that basically can generate fake contacts.
arXiv Detail & Related papers (2020-06-10T16:05:05Z)