Security Research & Development
Tools, platforms, and research that improve cybersecurity practices
OCPPStorm: A Comprehensive Fuzzing Tool for OCPP Implementations
A comprehensive black box fuzzing tool that identified multiple critical vulnerabilities in OCPP implementations, leading to the discovery of CVEs and improved security for electric vehicle charging infrastructure. The tool employs multiple fuzzing strategies including Random Fuzzer, State Machine Fuzzer, and Isla Fuzzer to test OCPP implementations across different platforms (Java, .NET).
Results: 6 CVEs discovered and assigned
Publication: Network and Distributed System Security (VehicleSec) 2024
Date: February 2024
Impact: Improved security of electric vehicle charging infrastructure
Vulnerabilities: Improper handling of 'StartTransaction' messages, predictable transaction IDs, denial-of-service and data integrity issues