hey wanna read some horrors? https://www.w3.org/TR/exi/
Efficient XML Interchange (EXI) Format 1.0 (Second Edition)

@whitequark
The real horror is that #EXI is used in an ISO 15118 sandwich on top of HomePlug AV (with broken encryption) and TCP (mostly with no encryption, but sometimes mixed with a wild PKI) to real-time control up to a Megawatt of electric power flowing into a car.

#PowerLine #V2G #EV

@ge0rg aaahhhh

@whitequark
And to add to the horror, all of the cars and chargers are in the same physical powerline broadcast domain, so when another car is plugged in, it needs to broadcast ping and measure the response signal strength(*) to find out which charger it's connected to...

And once the data channel is up, you authorize the payment with the absolutely unforgeable and secret... *checks notes* serial number of your RFID card!

(*) SLAC (Signal Level Attenuation Characterization)

@ge0rg there is one charging provider in aus that does autocharge based on vehicle mac address. I'm sure that could be spoofed easily enough.

@redback
I guess that the issue with spoofing the MAC for Autocharge is that you either need to MitM the connection in real-time from the outside, or you need to get physical access to the EV side charging controller to change the MAC stored in its flash. This is orders of magnitude harder than reading and spoofing somebody's RFID card UID.

@ge0rg *wanders round Everything Electric show with RFID reader*

@ge0rg @redback my EV also requires being unlocked to get access to the power plug, which would be required to get the MAC address. Unless they show it on screen somewhere.

@aris obtaining your MAC address is really easy. I just have to sniff the powerline network while you are charging. I can do that with a wire wrapped around my own charger cable or maybe even with an SDR from a parking lot close-by.

@redback