OWASP, Application Security Verification Standard, ASVS, 3.0, OWASP ASVS

When you buy an Electric Vehicle (EV) in Norway, you usually get an EV-owner welcome kit. This includes information about your «rights and duties» as a proud EV owner, and you also get an RFID tag to use at Norwegian public charging stations. These RFID tags are commonly known as «ladebrikke» in Norway, and they can also be ordered online for a small fee.

Did you know that these ladebrikke use insecure technology? In this blog post, we will cover how this could affect your wallet.

What Do I Have in My Pocket?

RFID tags come in many shapes and forms, and they use different technologies. In this case, the ladebrikke is a MIFARE Classic tag, and each tag contains a unique identifier (UID). Despite MIFARE Classic is affected by multiple well-known security issues, we will focus on how the UIDs are used by the public charging stations.

Let’s go back to the beginning. When you have a new ladebrikke, the UID associated with the tag must be activated by registering it at an EV charging company. This process is fairly simple. Just go online, create a user account, provide your payment method, and register the unique identifier associated with your ladebrikke.

Once activated, you may use the ladebrikke at any charging station of the EV charging company in Norway. The power used while charging your EV will be automatically registered on your user account, and invoiced accordingly.

What Could Possibly Go Wrong with My Ladebrikke?

When you are about to charge your EV at a charging station, you need to scan your ladebrikke. This process authenticates yourself to the system. Once authenticated, the EV charge will be associated with your user account for later invoicing.

Even though this process is very user friendly, it relies on a single authentication factor. In practice, the charging station just checks the unique identifier tied to your RFID tag. No other contents of the tag are actually checked by the charging station.

The problem associated with this system is that it assumes that an RFID tag’s unique identifier is unique. This may be true for regular MIFARE Classic tags. However, there are Chinese magic cards which allow you to set their unique identifier to any value you want.

This opens a scenario where anyone with cheap equipment could clone a ladebrikke. The ingredients are a RFID reader/writer and a magic card. We are not going to cover how to do this process in practice, as there are plenty of tutorials available on the Internet.

Provided the attacker gets access to an active unique identifier, the cloning process is extremely simple, and it can be completed in less than a minute. The key component is of course to identify a valid unique identifier associated with a valid ladebrikke. In some cases, physical access to a target ladebrikke would not even be required.

How Could Someone Get Access to a Ladebrikke’s Unique Identifier?

There are a few possible theoretical situations that could allow someone to capture valid unique identifiers. This includes, but it is not limited to:

  • Physical contact
    If you keep your RFID tag in a regular wallet or in your keychain, someone who passes near you could scan the tag with a reader (e.g. a mobile phone with RFID support). It is important to understand that only the unique identifier of the RFID tag is needed. Therefore, scanning the tag can be done quickly (as quick as if you were scanning the tag on a regular charging station).
  • RFID tag UID enumeration
    EV charging companies have web sites. These could potentially have vulnerabilities that could allow an attacker to know whether a given unique identifier is already active. If this is the case, an attacker could potentially use these sites to compile a list of valid UIDs for later abuse. It is important to note that Encripto has not tested any EV charging company web site in practice, and therefore this is purely theoretical. However, based on our broad experience with web application security testing, user account enumeration as well as other variants, are common vulnerabilities that affect today’s web applications.
  • RFID tag with sequential unique identifiers
    If RFID tags are produced with sequential unique identifiers, a person who knows about a valid UID could use such UID as a reference. This would allow the creation of cloned tags with previous or subsequent UIDs. Assuming sequential unique identifiers, previous UIDs would likely lead to a higher chance for success, as these could have already been activated by other users.

Somebody Could Charge at Your Expense

If someone (by any chance) is able to clone your ladebrikke, he or she could charge EVs at your expense. History has shown that similar systems have relied on vulnerable MIFARE Classic tags in the past, but these were modernized years ago. It is somewhat surprising that this technology, which could have economic repercussions for users, is being used in relatively new systems.

As EVs are emerging rapidly in Norway, this is an area that will likely draw criminals’ attention (if it has not done so already), and could be exposed to abuse. This should therefore be an area of concern.

By the way, the contents of a ladebrikke is just default information encrypted with default MIFARE Classic encryption keys.

As a proof of concept, Encripto made and tested a ladebrikke clone on a charging station successfully. The cloned RFID tag was based on the unique identifier of our own legitimate ladebrikke.