We present a novel attack against the Combined Charging System, one of the most widely used DC rapid charging technologies for electric vehicles (EVs). Our attack, Brokenwire, interrupts necessary control communication between the vehicle and charger, causing charging sessions to abort. The attack requires only temporary physical proximity and can be conducted wirelessly from a distance, allowing individual vehicles or entire fleets to be disrupted stealthily and simultaneously. In addition, it can be mounted with off-the-shelf radio hardware and minimal technical knowledge. By exploiting CSMA/CA behavior, only a very weak signal needs to be induced into the victim to disrupt communication - exceeding the effectiveness of broadband noise jamming by three orders of magnitude. The exploited behavior is a required part of the HomePlug Green PHY, DIN 70121 & ISO 15118 standards and all known implementations exhibit it. We first study the attack in a controlled testbed and then demonstrate it against eight vehicles and 20 chargers in real deployments. We find the attack to be successful in the real world, at ranges up to 47 m, for a power budget of less than 1 W. We further show that the attack can work between the floors of a building (e.g., multi-story parking), through perimeter fences, and from "drive-by" attacks. We present a heuristic model to estimate the number of vehicles that can be attacked simultaneously for a given output power. Brokenwire has immediate implications for a substantial proportion of the around 12 million battery EVs on the roads worldwide - and profound effects on the new wave of electrification for vehicle fleets, both for private enterprise and crucial public services, as well as electric buses, trucks and small ships. As such, we conducted a disclosure to the industry and discussed a range of mitigation techniques that could be deployed to limit the impact.