RFID card technology is not working. Sure, it is the most widely used tool to authorise charging of electric vehicles but, at the same time, insecure RFID cards put both vehicles and drivers at incredible risk from hackers. Electric vehicle charging stations haven’t yet been widely adopted and already they are being successfully hacked. The good news is: a solution exists. The e-mobility industry simply needs to implement it. In this post, we’ll look at how current charging practices place users at extreme risk of financial fraud and what’s being done (and not done) to combat it. We’ll also cover preventative measures you can take right now to avoid security breaches and widespread loss of user trust, and pave the way for seamless adoption of e-mobility around the world.
Europe’s largest association of hackers, the Chaos Computer Club (CCC), held their 34th annual Chaos Communication Congress in Germany this past December. There, CCC member Mathias Dalheimer’s talk isolated current RFID cards as simply not secure. RFID technology is supposed to identify and authorise users for a charging session, but instead it leaves leeway for financial fraud.
Dalheimer proved this through use cases in which hackers easily get access to the interior of a charging station, manipulate its configuration data and make counterfeit RFID cards to steal users’ account information. He said that it is rather trivial for hackers to make counterfeit copies of RFID cards with the data gained from the charging station and fraudulently bill transactions to the unprotected accounts of countless users.
Sadly, this security risk has existed for years and shows no sign of letting up thanks to lack of motivation and inaction by the charging infrastructure industry.
The majority of mobility operators (the companies with whom you conclude a charging contract) and Charge Point Operators (CPOs) continue to use MIFARE Classic RFID cards. A CCC talk given back in 2007 already demonstrated that the weak crypto implementation of MIFARE Classic technology could be broken in a few simple steps, making it trivial to copy any MIFARE Classic RFID card.
What’s worse is that companies had the chance to switch to the more secure MIFARE DESFire RFID cards long ago. Had they applied the cryptographic security mechanism that comes with those MIFARE DESFire cards, we wouldn’t be at this worrisome juncture.
More troubling still: most CPOs use only the Universal Unique Identifier (UUID) stored on each RFID card to identify and authorise users for a charging process; the UUID is a publicly readable token and isn’t protected by any cryptographic mechanism whatsoever. A hacker can simply hold their fake copy of a user’s RFID card to the charging station’s reader, and the counterfeit copy of the user’s UUID will be communicated to the CPO’s backend IT system using the widespread Open Charge Point Protocol (OCPP). The CPO then uses this faulty user data to bill mobility operators for unlimited charging that the user did not authorise.
Dalheimer points out that OCPP version 1.5, as it is used at most charging stations, does not use a digital signature-based authentication procedure and therefore has a level of data security that is essentially non-existent. He adds that hacking the UUIDs of countless previous charging sessions is as simple as using a screwdriver to open the charging station and plugging in a USB stick. Add a programmable RFID card to the mix and using other people’s accounts for fraudulent charging sessions becomes nearly effortless.
Since charging sessions are often billed only on a monthly basis, the user is left with the problem of having to dispute unauthorised charging sessions after the fact.
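As an added illustration (not code from the original post, from RISE V2G or from any CPO backend), here is a simple check a CPO could run over its OCPP transaction records to catch a cloned card well before the monthly bill: a physical card cannot be charging at two stations at the same time, so overlapping sessions for one idTag at different charge points warrant investigation. The log format, charge point names and idTag values are constructed; this is a detection aid, not a substitute for cryptographic authentication.

```python
# Added example (not from the original post, RISE V2G or any CPO backend): a physical
# RFID card cannot start sessions at two stations at once, so overlapping sessions for
# one idTag at different charge points indicate a cloned card.
from dataclasses import dataclass
from datetime import datetime
from itertools import combinations

@dataclass
class Session:
    charge_point: str   # OCPP chargePointId
    id_tag: str         # RFID UID carried in StartTransaction.idTag
    start: datetime
    stop: datetime

def parse_sessions(lines):
    """Parse constructed backend log lines: chargePointId,idTag,start,stop."""
    sessions = []
    for line in lines:
        if not line.strip() or line.startswith("#"):
            continue
        cp, tag, start, stop = (f.strip() for f in line.split(","))
        sessions.append(Session(cp, tag, datetime.fromisoformat(start),
                                datetime.fromisoformat(stop)))
    return sessions

def overlapping_tags(sessions):
    """Map each idTag to the pairs of its sessions that overlap in time
    while running at two different charge points."""
    by_tag = {}
    for s in sessions:
        by_tag.setdefault(s.id_tag, []).append(s)
    suspicious = {}
    for tag, items in by_tag.items():
        for a, b in combinations(items, 2):
            if a.charge_point != b.charge_point and a.start < b.stop and b.start < a.stop:
                suspicious.setdefault(tag, []).append((a, b))
    return suspicious

SAMPLE_LOG = """\
# chargePointId,idTag,startTimestamp,stopTimestamp  (constructed data)
CP-BERLIN-01,04A1B2C3,2017-12-04T08:00:00,2017-12-04T09:30:00
CP-MUNICH-07,04A1B2C3,2017-12-04T08:45:00,2017-12-04T10:00:00
CP-BERLIN-01,04A1B2C3,2017-12-05T18:00:00,2017-12-05T19:00:00
CP-HAMBURG-03,11223344,2017-12-04T12:00:00,2017-12-04T13:00:00
CP-HAMBURG-03,11223344,2017-12-04T14:00:00,2017-12-04T15:00:00
""".splitlines()

if __name__ == "__main__":
    for tag, pairs in overlapping_tags(parse_sessions(SAMPLE_LOG)).items():
        for a, b in pairs:
            print(f"idTag {tag}: {a.charge_point} overlaps {b.charge_point}")
```

Back-to-back sessions at the same charge point (the second tag above) are normal and are not flagged; only a tag active at two stations simultaneously is reported.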
Mr. Dalheimer is right to be sounding the alarm. He called for the e-mobility industry to meet the following demands:
On the eve of widespread adoption of the electric car, it is irresponsible for companies to knowingly wait for “enough” cases of financial fraud and user upset to finally change course and implement a more secure technology. Especially when that technology already exists.
As welcome as I find his alarm, I’m surprised Mr. Dalheimer hasn’t realised that a responsible faction of the e-mobility industry is already using a tested solution that meets his demands. That is: ISO 15118, an internationally standardised Vehicle-to-Grid (V2G) communication interface.
Mr. Dalheimer detailed numerous concerning use cases of hackers infiltrating EV charging and billing. The promising technology of ISO 15118 and its convenient, tamper-free Plug & Charge identification mechanism have made these scenarios a thing of the past for companies like Innogy SE (acting as a CPO) and Daimler, who implement this technology in their Smart Electric Drive vehicles.
Allow me to show you what a secure charging session looks like:
Within the ISO 15118 framework, users choose their form of identification. They can opt to use External Identification Means (EIM) if necessary, which requires them to present an RFID card to the charging station’s reader, scan a QR code or manually insert a credit card for identification and payment.
For users concerned about protecting their data, they also have the option to select Plug & Charge instead. With the future-proofed Plug & Charge feature, the only user action required is to plug the charging cable from the EV to the charging station. All aspects of authentication, authorisation, intelligent load control, and billing are taken care of automatically.
This advanced technology is based on public key infrastructures (PKIs) with digital certificates and digital signatures secured by a hybrid crypto system of symmetric and asymmetric encryption algorithms.
Transport Layer Security (TLS) is mandatory for Plug & Charge to establish a secured communication channel between the EV and the charging station. For EIM identification, the first edition of ISO 15118 also allows unencrypted data transmission. Yet, when the second edition comes out in 2019, TLS will be mandatory in all cases.
Additionally, XML-based digital signatures ensure that the authenticity and integrity of the exchanged data are still protected when it is sent from the charging station to the CPO and from there to other market players, like your mobility operator.
Mr. Dalheimer makes the case that the current version of OCPP is worryingly insecure. While he gave a thorough description of the enormous risk, he again overlooked the solution already on the market: OCPP version 2.0.
Just before his December 2017 talk, the Open Charge Alliance (OCA) published OCPP 2.0 for a public review. As a member of both the ISO 15118 standardisation body and the OCA, I helped to draft OCPP 2.0 and made sure that ISO 15118 data structures and security features are built right into this charging station management protocol. I am confident that this is the forward-looking resolution to the inherent data security risks within the industry’s current charging infrastructure.
In an ideal world, all charging stations would have ISO 15118-compliant features and total interoperability, not just for the convenience of engineers and manufacturers but, most importantly, of drivers. At the end of his talk, Dalheimer proposes that the e-mobility community come together to create solutions that avert this potential worldwide catastrophe for data security. I agree. But there is no need to go back to the drawing board.
The solution to data security is here. The longer we delay taking action, the more we risk losing the money and trust of growing numbers of drivers and early adopters all over the world. We are in a pivotal moment for the future of e-mobility and it is time for players industry-wide to embrace ISO 15118 and related protocols like OCPP 2.0.
To gain practical experience with ISO 15118 and its Plug & Charge feature, take a look at RISE V2G (GitHub) – an intensively tested reference implementation of ISO 15118 that is highly appreciated by companies and research institutions worldwide. A perfect starting guide for RISE V2G is the free RISE V2G Basics online course called “Revolutionize Electric Vehicle Charging – With Plug & Charge Powered by RISE V2G”.
I have long envisioned the day when electric vehicles finally outnumber the gas guzzlers currently polluting our environment. My hope is that this vision becomes reality within the next ten years – at least as far as new registration figures are concerned. I’ll do everything I can with my work to facilitate this goal.