Dr. Claude Fachkha, a cyber security professional and a faculty member at the college of engineering and IT at the University of Dubai, has published an article in a top ranked international security journal. “Our findings in this work identified vulnerabilities (weak systems) in more than 40 organizations, including Schneider Electric. We informed these organizations and some cooperated with us, fixed their issues, and eventually protected their systems. Furthermore, at least 12 CVEs have been published based on our work.”
Summary
The demand for Electric Vehicles (EVs) has been exponentially increasing, and to achieve sustainable growth, the industry dictated rapid development of the supporting infrastructure. This requires building a reliable EV charging ecosystem that serves customer demands while ensuring the security of the Internet-enabled systems and the connected critical infrastructure against possible cyber attacks. To this end, we devise a system lookup and collection approach to obtain a representative sample of widely deployed EV Charging Station Management Systems (EVCSMS). Furthermore, we leverage reverse engineering and penetration testing techniques to perform a first-of-a-kind comprehensive security and vulnerability analysis of the identified EVCSMS and their software/firmware implementations. Indeed, our systematic analysis unveils an array of vulnerabilities, which demonstrate the insecurity of the EVCSMS against remote cyber attacks. Considering the feasibility of such attacks, we discuss attack implications against the EV charging stations (EVCS) and their users. More importantly, we simulate the impact of practical cyber attack scenarios against the power grid, which result in possible service disruption and failure in the grid. Finally, while we recommend mitigation measures, our discoveries raise concerns about the lack of adequate security considerations in the design of the deployed EVCS, which will motivate vendors to take immediate action to patch their developed systems. Indeed, our communication with the concerned parties resulted in positive responses from some vendors such as Schneider Electric, who acknowledged our findings by reserving 12 CVEs, respectively.
Top ranked international journal and impact
This work has been published as an article in the world’s 6th best security journal (Elsevier Computers & Security) under the Google Scholar category (Computer Security and Cryptograph), with Impact Factor (IF 4.43), H5-index (64), and H5-median (109).
The Team & Affiliations
This research is a collaborative work between the University of Dubai, the Cyber Security Research Centre at Concordia University Canada, and the Cyber Center for Security and Analytics, and the University of Texas at San Antonio, San Antonio, Texas, USA.
· Tony Nasr (Main author, Steppa Cyber Security Engineer, CCCMTL)
· Dr. Sadegh Tourabi (Postdoctoral Research Fellow at George Mason University)
· Dr. Elias Bou Harb (Director at the UTSA Cyber Center for Security and Analytics)
· Dr. Claude Fachkha (Co-supervisor and faculty member at University of Dubai)
· Prof. Chadi Assi (Main supervisor and Professor at Concordia University Canada)
Reference
More on this publication can be found below
https://www.sciencedirect.com/science/article/pii/S0167404821003357
T Nasr, S Torabi, E Bou-Harb, C Fachkha, C Assi. “Power Jacking Your Station: In-Depth Security Analysis of Electric Vehicle Charging Station Management Systems.” Computers & Security (2021): 102511.