The electric vehicle (EV) has become one of the promising solutions to the ever-evolving environmental and energy crisis. The key to the wide adoption of EVs is a pervasive charging infrastructure, composed of both private/home chargers and public/commercial charging stations. The security of EV charging, however, has not been thoroughly investigated. This paper investigates the communication mechanisms between chargers and EVs, and exposes the lack of authenticity protection in the SAE J1772 charging control protocol. To showcase our discoveries, we propose a new class of attacks, ChargeX, which aims to manipulate the charging states or charging rates of EV chargers with the goal of disrupting charging schedules, causing a denial of service (DoS), or degrading battery performance. ChargeX inserts a hardware attack circuit to strategically modify the charging control signals. We design and implement multiple attack systems, and evaluate the attacks on a public charging station and two home chargers using a simulated vehicle load in a lab environment. Extensive experiments on different types of chargers demonstrate the effectiveness and generalization of ChargeX. Specifically, we demonstrate that ChargeX can force the switching of an EV's charging state from "stand by" to "charging", even when the vehicle is not in the charging state. We further validate the attacks on a Tesla Model 3 vehicle to demonstrate the disruptive impacts of ChargeX. If deployed, ChargeX may significantly undermine people's trust in the EV charging infrastructure.