Date : 07 juin 2019 à 12:00 — 30 min.
Since vehicles became connected to a bus called CAN (Controller Area Network), many "garage" hackers got interested in investigating the different controllers, known as ECUs (Engine Control Units), and accessible via the On-Board Diagnostics (OBD) port. Among those different controllers, some of them are accessible via Wi-Fi, others via GPRS, 3G and 4G mobile networks, that could be attacked during a radio interception attack. Moreover, another little-known vector of attack will appear with the deployment of V2G (Vehicle-to-Grid) systems that communicate via power lines support. Nevertheless, no public tool exists to interface with these systems, but also to analyse and to inject V2G traffic. That is why we have developed a tool called "V2G Injector" to attack these systems.
In this presentation, we will briefly introduce the V2G concept and its similarities with domestic Power-Line Communication systems. Then, we will present the techniques we use in our tool that aim to interface with the system, monitor and inject traffic. We will also present a new specification vulnerability in the communication medium we have been able to exploit to intrude the V2G network. To finish, we will talk about issues we have found during our tests on real equipment, and mitigations we can encounter, or apply, in some contexts as well as possible bypasses.