2024-10-22 –, Europe - Main Room
This lightning talk will develop the context and reasons that led to the discovery and disclosure of vulnerabilities in an Electric Vehicle Smart Charging Point (CVE-2024-5313 and CVE-2024-8070).
We will discover a specific product, how it works, how it is supposed to be provisioned and some mistakes that were made that enabled the speaker to elevate his privileges.
Sunday, October 29th 2023, like every Winter, Europe switched to daylight saving time... but my EV Smart Charing Point did not.
In this lightning talk, I will explain how I moved from the willingness have a correct a timezone on my charging point, to a full compromise of the appliance.
I'll develop the whole process that brought me from a regular user with no access, to root of the charging point, including full disclosure to the company that (partially) developed the product.
Cybersecurity Director at PwC Luxembourg
Offensive Security & Red Team Leader
Trainer | Speaker | Sworn Judicial Expert