Evil SteVe: An Approach to Simplify Penetration Testing of OCPP Charge Points

The reduction of CO2 emissions caused by auto-mobile traffic relies on the development of electric mobility infrastructure which in turn relies on efficient communication between charge points, used to connect electric vehicles to the power network, and central systems, used to manage users and transactions. The Open Charge Point Protocol (OCPP) is an open communication protocol designed to connect charge points to a central system. An important aspect of the communication between these entities is the security of the connection. It is conceivable, for instance, that an adversary could compromise a central system to attack charge points.This work devises three different attack scenarios which could be executed by a malicious OCPP central system to attack an OCPP charge point. It also assesses the feasibility and potential consequences of such attacks. Additionally, it presents an approach of an "evil" OCPP server implementation, based on the SteVe server which was originally developed at the RWTH Aachen. The "evil" OCPP server implements various attack scenarios and is intended to be used for penetration testing of OCPP charge points that connect to the central system via WebSockets/JSON or SOAP/XML.