Design To Exploit: A Dive Into EV Charger Security

JONATHAN ANDERSSON, CONNOR FORD

March 21 @ San Jac Saloon >>

ABSTRACT

The electric vehicle space is fast moving with many companies scrambling to capitalize on the Electric Vehicle Supply Equipment (EVSE) market. Naturally, a diverse set of EV chargers has arose from this, each of which presents its own cybersecurity risks. We will discuss the current state of EVSE security through an analysis of 8 EV chargers and the findings from Pwn2Own Automotive 2024 and 2025. The design of a typical EV charger will be reviewed along with common attack surfaces. Further we will present the journey of researching an EV charger from scratch and include detail about a vulnerability that was successfully exploited as part of Pwn2Own Automotive.

Jonathan Andersson

Jonathan Andersson is the manager of Trend Micro's Advanced Security Research Group under ZDI/Trend Micro Research since 2010. He has 33 years of professional experience in fields including software development, electronic design, FPGA & PCB design, reverse engineering, and information security. He currently specializes in hardware, firmware, and RF signal reverse engineering. He has presented his original research globally to top-tier infosec conferences as well as by invitation to CERN and DARPA. He holds 15 US patents and is the creator of the Capture the Signal contest, an RF blind signal analysis contest for hackers and radio enthusiasts.

Connor Ford

Connor Ford is a Senior Hardware Vulnerability Researcher and a member of Trend Micro's Advanced Security Research team. His main areas of interest are firmware reverse engineering and vulnerability research, particularly involving real time operating systems. He started his professional career as a software developer and then transitioned over to the embedded cyber security space, which is where he plans to stay. Before joining Trend Micro he competed in multiple Pwn2Owns where he exploited a variety of embedded systems including EV chargers, routers and printers.

REGISTER NOW
Ringzer0 ★ BOOTSTRAP25
Welcome To BOOTSTRAP25 Thompson Conference Center, Austin TX // March 18-22 BOOK NOW Keep Austin reverse-engineering and learn with Ringzer0! Ringzer0 returns to the Thompson Conference Center, Austin, TX in March 2025 with BOOTSTRAP25, a celebration of South-West Cyber. Our one-day event follows a week of intense reverse engineering. Come for
Ringzer0Ringzer0

All BOOTSTRAP25 + Bootloader Mixer Talks and Workshops

See also
Our Sponsors
Gallery Image
Gallery Image
Gallery Image
Gallery Image
Great! Next, complete checkout for full access to Ringzer0
Welcome back! You've successfully signed in
You've successfully subscribed to Ringzer0
Success! Your account is fully activated, you now have access to all content
Success! Your billing info has been updated
Your billing was not updated