Why you need to be fuzzing EV charging infrastructure

Last week, the BBC published an article commenting that electric vehicle charging points are set to reach 300,000 in number by 2030, with £450m to be made available to support this effort, under current Government plans. As the RAC then pointed out, this may not meet the growing demand.

With this huge imperative for speed, we need to make sure that cybersecurity actions are stepped up to match the pace of the roll out. CyTAL has been following the EV industry closely in recent months and having joined the Open Charge Alliance, has been taking a very close look at EV communication protocols.

It’s very clear that more work is needed to ensure the secure exchange of critical commands between electric vehicles, charging points and management systems. For example, just the other day CyTAL was fuzzing an OCPP implementation using ProtoCrawler. As well as finding one of the recently publicized Log4j vulnerabilities in a (now corrected) version of the implementation, we also uncovered a previously unknown vulnerability, within minutes of intelligent fuzzing.

It just goes to show why fuzzing is so important, especially in the development stages, why standards have a fair way to go yet and why fuzzing needs to be made more accessible for developers.