@whitequark
The real horror is that #EXI is used in an ISO 15118 sandwich on top of HomePlug AV (with broken encryption) and TCP (mostly with no encryption, but sometimes mixed with a wild PKI) to real-time control up to a Megawatt of electric power flowing into a car.
@whitequark
And to add to the horror, all of the cars and chargers are in the same physical powerline broadcast domain, so when another car is plugged in, it needs to broadcast ping and measure the response signal strength(*) to find out which charger it's connected to...
And once the data channel is up, you authorize the payment with the absolutely unforgeable and secret... *checks notes* serial number of your RFID card!
(*) SLAC (Signal Level Attenuation Characterization)
@AliveDevil @ge0rg @whitequark So basically all of the EV charging plugs allow encapsulation of arbitrary IEEE 802.* protocols.
I’m shocked we haven’t seen a ransomware incident spread from a public charger to cars yet.
✧✦Catherine✦✧
Ge0rG
AliveDevil
Zimmie