In this paper, we study the security posture of the EV charging ecosystem against a new type of remote attack that exploits vulnerabilities in EV charging mobile applications as an attack surface. We leverage a combination of static and dynamic analysis techniques to analyze the security of widely used EV charging mobile applications. Our analysis was performed on 31 of the most widely used mobile applications, including their interactions with various components such as cloud management systems. The attack scenarios that exploit these vulnerabilities were verified on a real-time co-simulation test bed. Our findings indicate a lack of user/vehicle verification and improper authorization for critical functions, which allow adversaries to remotely hijack charging sessions and launch attacks against the connected critical infrastructure. The attacks were demonstrated using the EVCS mobile applications, showing the feasibility and applicability of our attacks. We discuss specific remote attack scenarios and their impact on EV users. More importantly, our analysis results demonstrate the feasibility of leveraging existing vulnerabilities across various EV charging mobile applications to perform wide-scale coordinated remote charging/discharging attacks against the connected critical infrastructure (e.g., the power grid), with significant economic and operational implications. Finally, we propose countermeasures to secure the infrastructure and impede adversaries from performing reconnaissance and launching remote attacks using compromised accounts.