Breaking and Fixing the OCPP Electric Vehicle Charging Standard with CheckOCPP and EmuOCPP.

Presented at DEF CON Singapore 2026 by

The Open Charge Point Protocol (OCPP) is the de facto standard for communication between electric vehicle charging stations and charging station management systems. It is deployed worldwide in multiple versions (1.6, 2.0, and 2.0.1) and security profiles, from password-based authentication to mutual TLS. Despite its critical role in EV charging infrastructure, OCPP's real-world security and privacy remain poorly understood. This talk presents a security and privacy analysis of OCPP based on two open-source tools we developed: EmuOCPP and CheckOCPP. EmuOCPP emulates realistic OCPP networks using lightweight containers, enabling testing across protocol versions, security profiles, and attacker models. CheckOCPP is a Wireshark-based dissector that automatically parses OCPP traffic and checks message compliance against official schemas. Using these tools, we identified eight vulnerabilities, including five previously undocumented issues, and derived five practical attacks, such as security profile downgrade and charging station impersonation. We validated these attacks on open- and closed-source implementations, a real charging station, and a production network, and discussed mitigations and responsible disclosure with the Open Charge Alliance.