Hacking an Autel EV charger for free electricity: full RCE via Bluetooth and USB. ⛽⚡🚘🛜☠️
Security researchers Riccardo Mori and Robin David presented their security research on a popular Level 2 electric vehicle charger, the Autel MaxiCharger AC, as preparation for the Pwn2Own Automotive 2025 contest.
The authors explain their research path in detail, from extracting the firmware to discovering two serious vulnerabilities in the device:
1️⃣ A Bluetooth stack buffer overflow
2️⃣ A USB stack over-read/overwrite
They were then able to turn these vulnerabilities into full remote code execution (RCE).
If you’re into hardware security research, this work will definitely give you some extra ideas to try in your lab. Enjoy and please share it with your colleagues and friends! :)
More details:
Abusing Domestic EV Chargers through Bluetooth and USB
Presentation [Youtube]: https://lnkd.in/daCamECe
Slides [PPTX]: https://docs.google.com/presentation/d/1rWTccLDu7tIRv7Ykm_Zv0Z46sR6H-2-i/edit
目录
最新
- Hacking self-driving cars in the real world: laser pointer attacks & drones that make cars disappear. 🚗⚡😎🚨💥
- Reverse engineering of the Fermax intercom system: ongoing hardware security research. 🚪📸🔬 👨🏻💻🧰
- Hacking with malicious USB drives or malicious QR codes? The most effective way to break in. 🥷🏻💾𝄃𝄃𝄂𝄂𝄀𝄁𝄃𝄂𝄂𝄃🧱🏆
- How to become a Android 𝗁̶𝖺̶𝖼̶𝗄̶𝖾̶𝗋̶ security researcher: malware, exploitation and more. 🎓🔬👨🏻🏭🧠👨🏻💻
- Hacking a Linux device with TPM + LUKS encryption: extracting the TPM key from SPI in plaintext. 🐧💻👂🔑🎉
- Hacking a GE fridge with a hardened STM32: Bypassing new protections to extract flash memory. 🧊🪛👨💻🪠💾
- Security & privacy in the Tile tracking system: the first (public) security analysis of its protocol. 🐾🗺️🎯👨🏻💻🛠️
- Hacking using AI-written exploits: human tests of LLM agents’ PoCs show they are almost all fake. 🤖🖋️📜👨🏻💻🤡