A new study highlights serious vulnerabilities in public electric vehicle (EV) charging infrastructure—specifically affecting Tesla and other popular EV brands—revealing how attackers could exploit unsecured charging systems to steal data, electricity, or even disrupt entire networks. The findings come from security researcher Brandon Perry, who analyzed the way electric cars and chargers communicate and uncovered multiple security gaps that leave drivers and infrastructure providers exposed.
EV Chargers Act as Network Interfaces Vulnerable to Manipulation
Charging an EV is more than just connecting a cable—it initiates a complex data exchange between the car and the charging station. According to Perry, both the vehicle’s charge port and the charger act as active network interfaces, establishing communication through powerline protocols similar to how Ethernet-over-powerline adapters work in homes.
Once connected, the charger and the EV negotiate protocol terms and automatically configure IPv6 addresses. This forms the basis of an unsecured link, which, if intercepted, can expose standardized identifiers such as EVCCID (Electric Vehicle Communication Controller ID), EVSEID (Electric Vehicle Supply Equipment ID), and the vehicle’s current state of charge. Perry’s research confirms that this data exchange is typically unencrypted and often relies on self-signed certificates—raising serious concerns about spoofing and impersonation.
“Digital communication between the charger and the electric car happens via powerline communication. If you’ve ever used the wall plugs that turn your house’s copper wiring into ethernet, it’s the same thing,” the researcher explained.
Attackers could leverage this unencrypted link to carry out man-in-the-middle attacks, enabling them to capture sensitive identifiers or manipulate charging behaviors. Since EVCCIDs are tied to billing through Plug & Charge systems, a malicious actor could theoretically spoof these identifiers to fraudulently authorize charging sessions as another vehicle—essentially stealing electricity on someone else’s dime.
From Packet Capture to Network Control: What Hackers Can Do
To demonstrate the risks, Perry set up a Linux-based charger and captured traffic between it and a Tesla vehicle. Through this setup, he generated malformed data payloads and identified bugs that could crash the charging process or expose deeper system vulnerabilities.
One major concern lies in how many public chargers are configured. Developers often overlook that the power cable itself can act as a network entry point. The researcher found instances where SSH ports were left open and listening on any IP address, including those coming from the car itself.
“A ‘vehicle’ could connect, initiate the network, and attempt to authenticate to SSH over the charger cable,” Perry wrote in a post on the oss-security mailing list. “You can imagine the interesting implications here.”
Through this method, an attacker impersonating a vehicle could brute-force SSH credentials and potentially gain full access to the charger’s operating system—effectively compromising the device and any management system it connects to.
Denial of Service Risks for Charging Networks
The threat doesn’t stop at a single charger. Most public chargers are managed via centralized Charging Station Management Systems (CSMS), which handle everything from power distribution and billing to firmware updates. Perry’s findings show that CSMS platforms such as StEVe CSMS and CitrineOS can be completely knocked offline through targeted crashes, opening the door to widespread denial-of-service attacks.
These CSMS platforms are essential to the functioning of large-scale EV charging operations, especially in urban environments where fleet vehicles and public chargers rely on seamless backend support. If attackers can disable these platforms, they could disrupt services for thousands of users across an entire city or region.
Logs generated from these types of attacks can be misleading, often showing obscure local IPs connecting to chargers—making it harder for administrators to identify the intrusion or track the source of the attack.
Physical Weaknesses and Real-World Impact
In addition to digital risks, Perry’s research underscores the physical vulnerabilities of EV chargers. Many charging ports on EVs—including Teslas—can be forced open without triggering alarms. Once physically accessed, these ports can be used to interface with debug hardware commonly available to hobbyists and security testers.
The broader consequences are yet to be fully explored, but the implications are clear. Compromised chargers could be used to launch attacks against vehicle systems or even target components tied to the power grid. This creates a potential pathway not just for financial theft or localized outages, but for far more serious disruptions if orchestrated at scale.
Why This Matters for Infrastructure Security
As EV adoption accelerates globally, securing the supporting infrastructure is critical. With so many charging stations deployed across public spaces and commercial facilities, each charger represents a potential entry point into a larger network. Businesses, cities, and utilities must now view EV charging infrastructure as part of their broader attack surface.
To defend against such vulnerabilities, it’s essential that operators secure their networks with proactive monitoring, hardened authentication, and isolation strategies. Just as important, any system that collects data—especially billing identifiers—must be protected with proper encryption and certificate validation.
In the event of a breach, recovering lost or compromised data quickly becomes a top priority. That’s where having a secure backup solution with built-in immutability plays a vital role in resilience planning.
Looking for a trusted recovery solution?
Defend your organization with StoneFly DR365—an air-gapped, immutable backup and recovery appliance trusted by enterprises to ensure zero data loss even in the event of complex cyberattacks.
