Demo: Ransom Vehicle through Charging Pile

Shangru Song, Hetian Shi, Ruoyu Lun, Yunchao Guan, Xiang Li, Jihu Zheng, Jianwei Zhuge
February, 2023 Vehicle
PDF Cite Poster Slides

Abstract

Ransom attacks have attracted widespread attention from researchers, however, there have been relatively few researches on vehicles, especially for electric vehicles (EVs). Such attacks mainly accomplish their purpose by exploiting vulnerabilities of vehicle itself, but often have a narrow attack surface. In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles. Additionally, we design a physical plugin for charging connectors that can extend the EV models affected by the described ransom attack. In this case, the CPRA needs a preparing step to locally install the plugin on the connector.

Type
Conference paper
Publication
In Proceedings of the 2023 Inaugural Symposium on Vehicle Security and Privacy. San Diego, California, Feburary 27, 2023. (Acceptance rate: 32/83=36.0% (overall), 20/49=40.8% (regular), 2/6=33.3% (short), 6/16=37.5% (wpi), and 4/12=33.3% (demons/posters))

Overview

In this demo with real EVs and public charging piles, we show a new approach, the Charging Pile Ransom Attack (CPRA), that can remotely ransom EVs through the charging connector between EVs and charging piles.

I presented the demo to the audience. Just one vote less than the runner. Remember to vote ASAP next time.

Vehicle Vehicle Security
Xiang Li
Xiang Li
Ph.D. Candidate in Cyberspace Security (Tsinghua University)

Xiang Li is a 5th-year Ph.D. candidate at the Institute of Network Science and Cyberspace, Tsinghua University, advised by Professors Qi Li and Haixin Duan. His research interests include network security, protocol security, IPv6 security, DNS security, Internet measurement, network & protocol fuzzing, network vulnerability discovery & attack, and underground economy with 17 research papers. As the first author, he has published many research papers at all top-tier security conferences, including Oakland S&P, USENIX Security, CCS, NDSS, and Black Hat (Asia, USA, and Europe). He has obtained over 190 CVE/CNVD vulnerability numbers, more than $11,600 rewards, 306+ GitHub stars, multiple CERT reports, 60+ news coverage, and RFC acknowledgement. He got multiple prizes, such as 1st prize of IPv6 Technology Application Innovation Competition, 2nd prize of GeekCon 2023 DAF Contest, National Scholarship, Wang Dazhong Scholarship, and Tsinghua Outstanding Scholarship.