Cyber Security News

Researchers Hacked Car EV Chargers To Execute Arbitrary Code

Researchers discovered flaws in the Autel MaxiCharger EV charger that make it potential to execute arbitrary code on the device by just placing it within Bluetooth range.

The vulnerabilities tracked as CVE-2024-23958, CVE-2024-23959, and CVE-2024-23967 were identified during Pwn2Own Automotive 2024 in Tokyo.

The Autel MaxiCharger has significantly the most extensive hardware feature set, including the ability for consumers to pick which Open Charge Point Protocol (OCPP) URL the charger will connect to.

Users can even configure a charger to function as a public charger, which entitles the owner to reimbursement for energy used and allows the charger to take any kind of RFID charging card.

Decoding Compliance: What CISOs Need to Know – Join Free Webinar

Vulnerabilities Identified

Bluetooth Low Energy(BLE) Authentication (CVE-2024-23958)

The vulnerability, which has a CVSS base score of 6.5, enables attackers nearby the network to bypass authentication on Autel MaxiCharger AC Elite Business C50 charging station installations that are impacted.

To take advantage of this vulnerability, authentication is not necessary.

The issue stems from the BLE AppAuthenRequest command handler. If the handler receives an unsuccessful authentication request, it will fall back on hardcoded credentials.

This vulnerability allows an attacker to bypass the system’s authentication process.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024.

Stack-based Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23959)

With a CVSS base score of 8.0, this vulnerability allows network-adjacent attackers to run arbitrary code on vulnerable Autel MaxiCharger AC Elite Business C50 charging stations.

This vulnerability requires authentication, but it is possible to bypass the current authentication system.

There is a particular issue in the way the AppChargingControl BLE command is handled.

The problem arises from the user-supplied data not being properly validated for length before being copied to a fixed-length stack-based buffer.

The issue was reported by Synacktiv and the team during Pwn2Own Automotive 2024

Buffer Overflow Remote Code Execution Vulnerability (CVE-2024-23967)

This vulnerability, which has a CVSS base score of 8.0, enables attackers remotely to run arbitrary code on Autel MaxiCharger AC Elite Business C50 charger installations that are impacted.

The vulnerability specifically relates to how base64-encoded data is handled in WebSocket communications.

The problem arises from the user-supplied data not being properly validated for length before being copied to a fixed-length stack-based buffer.

This vulnerability can be used by an attacker to run code within the context of the device.

The issue was reported by Daan Keuper, Thijs Alkemade, and Khaled Nassar of Computest Sector 7.

Patch Released

Version 1.35.00 fixes the vulnerabilities. According to the ZDI advisory, bounds checks were added to prevent buffer overflows, and the backdoor authentication token has been removed.

Hence, these issues emphasize the significance of adhering to industry standards strictly and practicing secure code, among other recommended practices.

Simulating Cyberattack Scenarios With All-in-One Cybersecurity Platform – Watch Free Webinar

Tushar Subhra

Tushar is a Cyber security content editor with a passion for creating captivating and informative content. With years of experience under his belt in Cyber Security, he is covering Cyber Security News, technology and other news.

Recent Posts

Nearest Neighbor Attacks: Russian APT Hack The Target By Exploiting Nearby Wi-Fi Networks

Recent research has revealed that a Russian advanced persistent threat (APT) group, tracked as "GruesomeLarch"…

2 days ago

240+ Domains Used By PhaaS Platform ONNX Seized by Microsoft

Microsoft's Digital Crimes Unit (DCU) has disrupted a significant phishing-as-a-service (PhaaS) operation run by Egypt-based…

2 days ago

Russian TAG-110 Hacked 60+ Users With HTML Loaded & Python Backdoor

The Russian threat group TAG-110, linked to BlueDelta (APT28), is actively targeting organizations in Central…

2 days ago

Earth Kasha Upgraded Their Arsenal With New Tactics To Attack Organizations

Earth Kasha, a threat actor linked to APT10, has expanded its targeting scope to India,…

2 days ago

Raspberry Robin Employs TOR Network For C2 Servers Communication

Raspberry Robin, a stealthy malware discovered in 2021, leverages advanced obfuscation techniques to evade detection…

2 days ago

145,000 ICS Systems, Thousands of HMIs Exposed to Cyber Attacks

Critical infrastructure, the lifeblood of modern society, is under increasing threat as a new report…

2 days ago