Black Hat USA 2025 | Peril at the Plug: Investigating EV Charger Security and Safety Failures
Why It Matters
These flaws expose EV chargers to attacks that can cause fires, equipment damage, and large‑scale grid disruptions, demanding immediate industry‑wide security upgrades.
Key Takeaways
- EV chargers expose large attack surface across hardware and software.
- Simple bugs enable remote firmware downgrade and full device compromise.
- Manipulating charge protocol can force dangerous over‑current conditions.
- Lack of memory protection allows single‑step remote code execution.
- Hardware modifications bypass software safeties, risking fire hazards.
Summary
The Black Hat USA 2025 presentation titled “Peril at the Plug” examined the alarming security and safety gaps in electric‑vehicle (EV) chargers, drawing on findings from the PON (Pon Automotive) hacking contest. The speakers outlined the extensive attack surface—multiple CPUs, operating systems, cloud links, Bluetooth‑enabled mobile apps, and a plethora of network protocols—making chargers ripe for exploitation.

Key insights included a surge of low‑complexity bugs such as buffer overflows, authentication flaws, and command injection, many of which persisted across 2024‑2025 contests. Notable exploits featured a Raspberry‑Pi‑driven firmware downgrade of a Tesla wall connector exposing debug services, an out‑of‑bounds write in an Autel charger’s USB setup packet, and a cloned RFID reset on Wolf‑Box devices that allowed malicious firmware injection. These vulnerabilities enabled remote code execution without memory protection and even fleet‑wide compromise via cloud bugs.

The researchers demonstrated how manipulating the control‑pilot PWM duty cycle can force chargers to deliver up to 80 A, far beyond safe limits, and built a 27 kW load‑bank rig to test over‑current scenarios. By physically rerouting the relay‑control pin, they bypassed software safeguards, showing that hardware‑level safety mechanisms are often absent, raising the specter of fires or infrastructure damage.

The findings underscore a pressing need for manufacturers to harden both firmware and hardware, enforce memory protection, and implement robust, tamper‑resistant safety circuits. Regulators and standards bodies may soon require stricter certification to prevent dangerous over‑current attacks and protect consumers and the power grid.
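The over‑current scenario in the summary depends on the charger advertising its available current through the control‑pilot duty cycle. As an added example (not code from the talk or from any vendor), the C below decodes that duty cycle with the standard SAE J1772 mapping and shows an independent interlock check that trips when the advertised or measured current exceeds the unit's hardware rating. The struct, function names, 48 A rating, tolerance and sample readings are assumptions made for illustration.

```c
#include <stdio.h>

/* SAE J1772 control-pilot mapping in integer units: duty in tenths of a
 * percent, current in tenths of an amp. Simplification (assumption): any
 * duty outside the 10%..96% analog range, including 5% digital mode, is
 * treated as "no current advertised" and returns 0. */
static int cp_duty_to_deciamps(int duty_permille)
{
    if (duty_permille < 100 || duty_permille > 960)
        return 0;
    if (duty_permille <= 850)
        return duty_permille * 6 / 10;       /* A = duty% * 0.6        */
    return (duty_permille - 640) * 25 / 10;  /* A = (duty% - 64) * 2.5 */
}

enum trip { TRIP_NONE, TRIP_PILOT_OVER_RATING, TRIP_CURRENT_OVER_RATING,
            TRIP_CURRENT_WITHOUT_PILOT };

/* Hypothetical per-model limits, fixed at manufacture. */
struct evse_limits { int rated_deciamps; int tolerance_deciamps; };

/* Intended to run on a supervisor that samples the pilot line and a current
 * sensor itself and can open the contactor regardless of what the main
 * firmware requests (assumed architecture). */
static enum trip interlock_check(const struct evse_limits *lim,
                                 int duty_permille, int measured_deciamps)
{
    int advertised = cp_duty_to_deciamps(duty_permille);
    if (advertised > lim->rated_deciamps)
        return TRIP_PILOT_OVER_RATING;   /* firmware advertises too much */
    if (advertised == 0 && measured_deciamps > lim->tolerance_deciamps)
        return TRIP_CURRENT_WITHOUT_PILOT;
    if (measured_deciamps > lim->rated_deciamps + lim->tolerance_deciamps)
        return TRIP_CURRENT_OVER_RATING;
    return TRIP_NONE;
}

int main(void)
{
    /* Constructed samples for a 48 A unit: {duty in 0.1 %, current in 0.1 A} */
    const struct evse_limits lim = { 480, 20 };
    const int samples[][2] = { {800, 470}, {960, 470}, {800, 510}, {50, 100} };
    for (unsigned i = 0; i < sizeof samples / sizeof samples[0]; i++)
        printf("duty=%d.%d%% I=%d.%dA -> trip=%d\n",
               samples[i][0] / 10, samples[i][0] % 10,
               samples[i][1] / 10, samples[i][1] % 10,
               (int)interlock_check(&lim, samples[i][0], samples[i][1]));
    return 0;
}
```

The check only has value if it runs outside the firmware that generates the pilot signal, since the summary's relay‑pin rerouting shows that safeguards living in the main application can be bypassed.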