Ofer Shezaf (Security Solutions Manager, HP ArcSight)
PRESENTATION TITLE: Who Can Hack a Plug? The Infosec Risks of Charging Electric Cars
PRESENTATION ABSTRACT:
What could be insecure about charging an electric car? Just plug in to a power outlet and off you go… Nothing can be further from the truth.
The vision of electric cars calls for charge stations to perform smart charging as part of a global smart grid. As a result, a charge station is a sophisticated computer that communicates with the electric grid on one side and the car on the other. To make matters worse, it’s installed outside on street corners and in parking lots. Electric vehicle charging stations bring with them new security challenges that resemble the issues found in SCADA systems, even if they use different technologies.
In this presentation, we will explain what charge stations really are, why they have to be ‘smart’, and the potential risks they create for the grid, for the car and, most importantly, for its owner’s privacy and safety. We will discuss charge station architecture and functionality to identify potential weak spots, and will explore theoretical and real-world vulnerabilities in these systems. In addition, subsystems such as the car-to-charge-station protocol, the embedded RFID reader, the electrical circuits and maintenance back doors will be discussed. Lastly, we will talk about potential solutions such as new key provisioning algorithms and limited authorization schemes.
ABOUT OFER SHEZAF
Ofer Shezaf is an internationally recognized application security expert. Ofer manages security solutions at HP ArcSight and prior to that managed web security research at HP Fortify and at Breach Security.
In between, Ofer spent two years designing security architecture for charging infrastructure, RFID payment systems and vehicle telematics systems at Better Place, a company specializing in infrastructure for electric vehicles.
Ofer is an OWASP (Open Web Application Security Project) leader, the founder of the OWASP Israeli chapter and a WASC (Web Application Security Consortium) officer. Some community projects Ofer has led are the OWASP ModSecurity core rule set, the WASC web hacking incident database and the WASC/OWASP Web Application Firewall Evaluation criteria project.