The vulnerability in the Autel MaxiCharger does not require any special skills or equipment from the attacker.
At the Pwn2Own Automotive 2024 competition, held in Tokyo in January 2024, a team of researchers demonstrated vulnerabilities in three different EV chargers: the Autel MaxiCharger, the ChargePoint Home Flex and the JuiceBox 40. One of the most interesting results was code execution on the Autel MaxiCharger (model MAXI US AC W12-L-4G) over Bluetooth, with no precondition other than being within radio range.
The Autel MaxiCharger has a wide range of hardware interfaces, including Wi-Fi, Ethernet, Bluetooth, 4G LTE, an RFID reader and a touch screen, each of which is attack surface. During the investigation the team found several serious vulnerabilities, including a Bluetooth authentication bypass (CVE-2024-23958) and two buffer overflows (CVE-2024-23959 and CVE-2024-23967). Together, these bugs gave an attacker full control over the device.
The main difficulty for the researchers was obtaining the device's firmware. The team spent several attempts working out how software updates are delivered through the mobile app and over Bluetooth. After discovering that the update download links were obfuscated, they were able to decode them (the obfuscation was a simple character substitution), which let them download the firmware and begin analysis.
During the analysis, the researchers identified a bug in the Bluetooth authentication process: an authentication code hard-coded in the firmware was accepted as valid, so anyone who had read the firmware could use it to bypass authentication. In practice, this meant that any device within Bluetooth range could connect to the charger without knowing the owner's authentication code.
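The authentication-bypass pattern described above, as an added illustration in C (this is not Autel's code and is not derived from the firmware): a hypothetical BLE pairing check that accepts a factory code baked into the image alongside the owner's provisioned code, next to a hardened version that accepts only the provisioned code, compares it in constant time and locks out after repeated failures. The code values, the function names `ble_auth_vulnerable` and `ble_auth_hardened`, and `MAX_ATTEMPTS` are all constructed for this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical 6-digit pairing code provisioned by the owner (constructed value). */
#define CODE_LEN 6
static char g_owner_code[CODE_LEN + 1] = "483920";

/* Hypothetical factory code baked into the firmware image. Anyone who
 * extracts the firmware can read it, so it is effectively public. */
static const char FACTORY_CODE[CODE_LEN + 1] = "000000";

/* Vulnerable pattern: the owner's code OR the built-in factory code unlocks
 * the link, so the owner's code is never actually required. */
bool ble_auth_vulnerable(const char *code)
{
    return strcmp(code, g_owner_code) == 0 || strcmp(code, FACTORY_CODE) == 0;
}

/* Constant-time comparison: runtime does not depend on where the mismatch is,
 * so an attacker cannot learn the code digit by digit from response timing. */
static bool ct_equal(const char *a, const char *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)a[i] ^ (uint8_t)b[i];
    return diff == 0;
}

/* Hardened: only the provisioned code is accepted, the length is fixed, the
 * compare is constant-time, and a lockout after MAX_ATTEMPTS failures keeps
 * the 10^6 code space from being brute-forced over the air. */
#define MAX_ATTEMPTS 5
static unsigned g_failed_attempts = 0;

bool ble_auth_hardened(const char *code)
{
    if (g_failed_attempts >= MAX_ATTEMPTS)
        return false;                 /* locked until the owner resets it */
    if (strlen(code) != CODE_LEN || !ct_equal(code, g_owner_code, CODE_LEN)) {
        g_failed_attempts++;
        return false;
    }
    g_failed_attempts = 0;
    return true;
}

/* Owner-side reset of the lockout (would require physical/authenticated access). */
void ble_auth_reset_lockout(void) { g_failed_attempts = 0; }

int main(void)
{
    printf("vulnerable, factory code: %d\n", (int)ble_auth_vulnerable(FACTORY_CODE));
    printf("hardened,   factory code: %d\n", (int)ble_auth_hardened(FACTORY_CODE));
    printf("hardened,   owner code:   %d\n", (int)ble_auth_hardened(g_owner_code));
    return 0;
}
```

The point of the hardened version is not the constant-time compare on its own: with a fallback credential in the image, no amount of care in the comparison helps, because the secret is in every copy of the firmware.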
A second vulnerability was found in the processing of data received over Bluetooth: a malformed message causes a buffer overflow that can be used to execute arbitrary code on the device. An attacker could, for example, reprogram the charger to operate outside its normal safety limits, potentially damaging the car or the charger itself.
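As an added example of the bug class described above (constructed for this page, not Autel's protocol or code): a length-prefixed BLE frame handler that trusts the attacker-controlled length byte when copying into a fixed-size stack buffer, beside a hardened handler that bounds the copy against the destination. The frame format, `PAYLOAD_MAX`, `struct frame_state` and the function names are assumptions. The handler's stack frame is modelled as a struct with a canary word after the buffer and slack beyond it, so the demo shows the saved-return-address overwrite without corrupting the demo process itself.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed frame format for this example (not Autel's real protocol):
 *   byte 0   : len  = number of bytes that follow (cmd + payload), max 255
 *   byte 1   : cmd
 *   byte 2.. : payload, (len - 1) bytes, expected to fit in PAYLOAD_MAX
 */
#define PAYLOAD_MAX 32
#define CANARY      0xDEADBEEFu

/* Stand-in for the handler's stack frame. On the real target the word after
 * the buffer would be a saved register or return address; here it is a canary
 * we read back. saved_ret is volatile so the compiler re-reads it after the
 * copy instead of assuming the copy could not have reached it, and the slack
 * keeps even a maximal 254-byte copy inside the object. */
struct frame_state {
    uint8_t           payload[PAYLOAD_MAX];
    volatile uint32_t saved_ret;          /* models the saved return address */
    uint8_t           slack[256];
};

/* Vulnerable pattern: checks that len stays inside the received frame (a read
 * bound) but never checks it against the destination buffer (the write bound).
 * Returns the canary so the caller can see whether it was overwritten. */
uint32_t handle_frame_vulnerable(const uint8_t *frame, size_t frame_len)
{
    struct frame_state st = { .saved_ret = CANARY };

    if (frame_len < 2) return st.saved_ret;
    size_t len = frame[0];
    if (len < 1 || len > frame_len - 1) return st.saved_ret;
    memcpy(st.payload, frame + 2, len - 1);   /* BUG: len - 1 may exceed PAYLOAD_MAX */
    return st.saved_ret;
}

/* Hardened: the payload length is checked against the destination before the
 * copy; *rc reports whether the frame was accepted (0) or rejected (-1). */
uint32_t handle_frame_hardened(const uint8_t *frame, size_t frame_len, int *rc)
{
    struct frame_state st = { .saved_ret = CANARY };
    *rc = -1;

    if (frame_len < 2) return st.saved_ret;
    size_t len = frame[0];
    if (len < 1 || len > frame_len - 1) return st.saved_ret;
    size_t plen = len - 1;
    if (plen > PAYLOAD_MAX) return st.saved_ret;   /* oversized payload: reject, no copy */
    memcpy(st.payload, frame + 2, plen);
    *rc = 0;
    return st.saved_ret;
}

/* Constructed attacker frame: 32 filler bytes fill the payload buffer, the
 * next 4 bytes (0x41) land exactly on saved_ret. Returns the frame length. */
size_t build_attack_frame(uint8_t *out, size_t out_cap)
{
    const size_t plen = PAYLOAD_MAX + 4;
    if (out_cap < plen + 2) return 0;
    out[0] = (uint8_t)(plen + 1);          /* len = cmd + payload */
    out[1] = 0x10;                         /* arbitrary command id */
    memset(out + 2, 0x00, PAYLOAD_MAX);
    memset(out + 2 + PAYLOAD_MAX, 0x41, 4);
    return plen + 2;
}

int main(void)
{
    uint8_t frame[64];
    size_t n = build_attack_frame(frame, sizeof frame);
    int rc;
    printf("vulnerable saved_ret: 0x%08x\n", (unsigned)handle_frame_vulnerable(frame, n));
    printf("hardened   saved_ret: 0x%08x rc=%d\n",
           (unsigned)handle_frame_hardened(frame, n, &rc), rc);
    return 0;
}
```

The vulnerable handler does perform a length check, just the wrong one: it guards the read from the incoming frame, not the write into the stack buffer. On a real device the four 0x41 bytes would become the return address when the handler returns, which is the foothold for the arbitrary code execution the researchers demonstrated.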
Notably, the Autel MaxiCharger has a feature that lets the owner offer the charger for public use and receive payment for the energy consumed. The researchers pointed out that a compromised device could be made to falsify its energy-consumption reports, which opens the door to fraud.
In closing, the team observed that many EV chargers ship with a large number of connectivity features, which exposes them to a wide range of attacks. Although Autel promptly released patches, the researchers stressed the importance of regularly updating firmware and thoroughly checking devices for vulnerabilities.
Research of this kind should help strengthen the security of EV charging infrastructure and prevent attacks that could affect both electric vehicle owners and the wider city power grid.
Source