AI Summary
This study identifies a fundamental vulnerability in the physical-layer authentication mechanisms of mainstream EV charging protocols (SAE J1772, CCS, IEC 61851, GB/T 20234, NACS): their reliance on static resistor/voltage-based identification is inherently susceptible to signal injection attacks. Through reverse engineering and empirical validation, we systematically reproduce such attacks across 20 real-world chargers conforming to seven international standards, the first comprehensive demonstration of this threat. Attacks induce denial-of-service conditions, permanent charger lockup, and irreversible hardware damage to both vehicle and charger battery management systems. To address this, we propose PORTulator, a lightweight hardware prototype that enhances physical-layer authentication via dynamic high-frequency PWM modulation and non-volatile storage. Our solution maintains full backward compatibility with existing connectors and charging protocols, requires no firmware or standard modifications, and supports plug-and-play deployment.
Abstract
The proliferation of electric vehicles in recent years has significantly expanded the charging infrastructure while introducing new security risks to both vehicles and chargers. In this paper, we investigate the security of major charging protocols such as SAE J1772, CCS, IEC 61851, GB/T 20234, and NACS, uncovering new physical signal spoofing attacks in their authentication mechanisms. By inserting a compact malicious device into the charger connector, attackers can inject fraudulent signals to sabotage the charging process, leading to denial of service, vehicle-induced charger lockout, and damage to the chargers or the vehicle's charge management system. To demonstrate the feasibility of our attacks, we propose PORTulator, a proof-of-concept (PoC) attack hardware, including a charger gun plugin device for injecting physical signals and a wireless controller for remote manipulation. By evaluating PORTulator on multiple real-world chargers, we identify 7 charging standards used by 20 charger piles that are vulnerable to our attacks. The root cause is that chargers use simple physical signals for authentication and control, making them easily spoofed by attackers. To address this issue, we propose enhancing authentication circuits by integrating non-resistive memory components and utilizing dynamic high-frequency Pulse Width Modulation (PWM) signals to counter such physical signal spoofing attacks.