Cybersecurity Risks: EV Charging Stations

November 23, 2023

Public plug-in electric vehicle (EV) charging stations present a new cyberattack opportunity for black-hat hackers. A single attack could disrupt grid operations and lead to a blackout.

Insurance companies will need to monitor EV chargers in the same way they do cars to truly understand the risk and address it. Self-assessments will not cut it.

Unauthorized Access

Many people may not think about the possibility of their electric vehicle being hacked, and even less so about potential security breaches through EV charging points. But as EV chargers become more common, they are becoming a prime target for hackers.

EV charging stations connect to networks, including those of grid operators and cloud services, that communicate with EV drivers and billing systems. These systems make the networked EV chargers vulnerable to a variety of hacking attacks, from unauthorized access and data theft to disruption of EV charging sessions.

For example, a group of researchers recently revealed a technique called “Brokenwire” that can be used to disrupt large-scale EV charging stations. The attack uses electromagnetic interference to disrupt the communication between a vehicle and its charger. This can interrupt the charging session from a distance of up to 151 feet. While the EV driver won’t notice this interruption, it can have devastating consequences for fleet vehicles that are charged at the station for critical tasks such as public transit or emergency response.

While there isn’t much an individual driver can do to protect themselves against these kinds of EV charger cyberattacks, EV manufacturers should be working hard to strengthen their hardware and software protections. Keeping firmware up to date, using secure communication protocols, and implementing robust authentication and authorization controls are essential. Moreover, manufacturers should work with their suppliers and partners to ensure that all aspects of the system are properly tested and protected.

Another example of an EV charging infrastructure vulnerability involves hackers attacking the management systems that control the networks. These are typically in the form of cloud-based software that manages infrastructure stability, energy management, EV charge requests, and billing. These systems are particularly vulnerable to a variety of hacking attacks because they connect a wide range of devices.

Despite the fact that most EV hacking comes from so-called “white-hat” hackers who use their skills to test the systems and report any weaknesses back to the EV companies, illegal or “black-hat” attackers are now outnumbering white-hats. These criminals are more likely to try to use EV chargers as a foothold for launching larger attacks against the power grid, and their goal is often not to steal information but rather to disrupt the flow of electricity.

Data Theft

The fact that EV charging stations collect sensitive data such as payment information, and are connected to the power grid, makes them a potential target for cyber attacks. These attacks can compromise consumer privacy, as well as the integrity of the grid itself. As a result, there is a growing need for EV chargers to be equipped with advanced security measures. Proactively addressing these issues during the construction process aligns with the federal government’s push for widespread EV adoption and helps to prevent potential breaches in the future.

A hacker can use a computer to intercept communications between an EV and its charging station, or gain access to the backend network of the charging infrastructure. This allows them to steal data such as user names, credit card numbers, and other personal information. Additionally, hackers can use a computer to hijack the EV’s power systems and cause damage or disruption to the vehicle.

Cyberattacks on EV charging stations can also pose safety risks for EV owners and the general public. For instance, an attack could lead to a fire or explosion at a charging station, potentially causing serious injuries or property damage. It may also impact the stability of the electrical grid, resulting in widespread outages.

Moreover, an attacker can use a computer to disrupt the service of a charging station by stealing the CAN bus signal from the charger. This can prevent the EV from communicating with the charger, leading to a malfunction and possibly a complete failure of the system.

Finally, an attacker can also take advantage of a vulnerability in the software of an EV charging station to gain unauthorized access to the system’s backend networks or control systems. This allows them to manipulate the EV’s charging process, or even hijack the entire infrastructure network and cause significant damage.

To avoid these dangers, EV chargers should use a secure communication protocol and meet industry standards. This will help to protect against threats such as unauthorized access, data theft, and disruptions in services. Additionally, companies that build EV charging stations should ensure they adhere to cybersecurity regulations and work closely with cybersecurity experts to safeguard their infrastructure.

Denial-of-Service Attacks

EV charging stations have several vulnerabilities that cybercriminals are looking to exploit. These include unauthorized access to the stations, theft of personal or financial data, and disruptions of charging services. The most serious attacks on EV charging infrastructure can cause the station to shut down entirely, which prevents EV drivers from charging their vehicles. This type of attack can also lead to disruptions in the power grid.

The EV industry must develop standard security protocols that address these vulnerabilities. This will improve EV driver safety and enable them to enjoy the benefits of a clean, sustainable transportation system. The industry will need to work with federal and state governments to establish enforceable standards that protect consumers.

For example, the EV industry should consider how to secure V2G chargers that use communications links instead of power lines. This will require a new generation of protocols that can encrypt and authenticate messages. This will help ensure that the data being transmitted between the EV and charging point is private. It will also help to ensure that the EV cannot be discharged by bogus or cloned charging points.
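A minimal sketch of the message authentication this paragraph calls for, added here as an illustration and not taken from the article or from any charging standard: the vehicle issues a fresh nonce and accepts a discharge command only if it carries a valid HMAC from a charging point it already trusts, so a cloned station, an altered command and a replayed command are all refused. The pre-shared per-charger key (standing in for whatever credential a real deployment provisions), the message fields and the names `sign_request`, `Vehicle` and `run_demo` are assumptions.

```python
import hashlib
import hmac
import json
import secrets

def _tag(key: bytes, body: dict) -> str:
    # Canonical JSON so both sides MAC exactly the same bytes.
    data = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, data, hashlib.sha256).hexdigest()

def sign_request(key, charger_id, nonce, command, kw):
    """Charging-point side: bind the command to the vehicle's fresh nonce."""
    body = {"charger_id": charger_id, "nonce": nonce, "command": command, "kw": kw}
    return {**body, "tag": _tag(key, body)}

class Vehicle:
    """Vehicle side: accepts a command only from a provisioned charging point."""
    def __init__(self, trusted_keys):
        self.trusted_keys = trusted_keys   # charger_id -> key (assumed pre-provisioned)
        self.pending = set()               # nonces issued and not yet used

    def challenge(self):
        nonce = secrets.token_hex(16)
        self.pending.add(nonce)
        return nonce

    def accept(self, msg):
        cid, nonce, tag = msg.get("charger_id"), msg.get("nonce"), msg.get("tag")
        if not all(isinstance(v, str) for v in (cid, nonce, tag)):
            return False
        key = self.trusted_keys.get(cid)
        if key is None or nonce not in self.pending:
            return False                   # unknown charger, or stale/replayed nonce
        body = {k: v for k, v in msg.items() if k != "tag"}
        if not hmac.compare_digest(_tag(key, body).encode(), tag.encode()):
            return False                   # wrong key (clone) or altered fields
        self.pending.discard(nonce)        # each nonce authorises one command
        return True

def run_demo():
    real_key, clone_key = secrets.token_bytes(32), secrets.token_bytes(32)  # constructed keys
    ev = Vehicle({"CP-001": real_key})     # "CP-001" is a constructed charger ID
    nonce = ev.challenge()
    genuine = sign_request(real_key, "CP-001", nonce, "discharge", 7.0)
    return {
        "tampered": ev.accept({**genuine, "kw": 50.0}),
        "cloned": ev.accept(sign_request(clone_key, "CP-001", nonce, "discharge", 7.0)),
        "genuine": ev.accept(genuine),
        "replayed": ev.accept(genuine),
    }
```

The sketch covers authentication only; keeping the exchanged data private, as the paragraph also asks, additionally needs an encrypted channel.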

In addition, the EV industry should focus on addressing privacy concerns by creating security protocols that allow users to choose when to share their location. This is important because many consumers may resist using managed charging services that depend on their location.

As the EV market continues to grow, it is imperative that the government and industry work together to create safe and secure EV charging stations. This will require a combination of enforceable standards and best practices, as well as partnerships with the private sector to provide a comprehensive solution.

As a result, the US Department of Transportation is developing an electric vehicle cybersecurity plan to address these issues. This will involve a multi-stakeholder process involving electric vehicle original equipment manufacturers, vendors, and charging network operators. The plan will include full-scope risk assessments of the EV charging infrastructure, segmentation requirements, PCI DSS compliance, and documentation of security operations. The plan will also establish processes for identifying and implementing security patches.

Social Engineering Attacks

As the EV industry continues to grow, there are growing concerns that cyberattacks on EV charging infrastructure can have a negative impact on consumer adoption. In addition to stealing credit card information, these attacks can take charging stations offline, making it difficult for drivers to charge their vehicles. The growing concern about EV cybersecurity has led to the development of new standards and requirements, with regulators and companies creating rules to help protect EV infrastructure.

EVs use communication protocols that connect multiple devices to share data and control functions. The protocols are designed based on the needs of different entities, such as the car, charger, back-end networks and electricity grids. To a large extent, these communication protocols are developed by organisations that specialise in specific technologies and do not consider security as a core design element.

For example, the CHAdeMO and ISO 15118-20 communication protocols define the link between an EV and charging station, establishing requirements for plugs, charging topologies (conductive/inductive charging), communications, safety and cyber-security. The protocols do not take into account the fact that EVs can be directly controlled by the power grid and have bidirectional power flow, or that a third party may manage the entire charging network and electricity grid.

The EV industry needs to create standard security protocols for the networks and connectivity used by local and state municipalities, as well as ensure that a regular patching regime is in place. The EV industry should also work with the cybersecurity community to share threat intelligence and develop common definitions of attack techniques, which will be essential in preventing future attacks.

Lastly, the EV industry should work with specialised digital forensics providers to collect and analyse the evidence following an attack. This will provide valuable insights into how the attack happened, and what steps are needed to prevent it from happening again.

EVs are a great solution to environmental problems, but their infrastructure is vulnerable to cyberattacks. By proactively addressing the vulnerabilities in this infrastructure, the EV industry can remove one of the major barriers to consumer adoption.

Ammar Fakhruddin

ABOUT AUTHOR

Ammar brings in 18 years of experience in strategic solutions and product development in Public Sector, Oil & Gas and Healthcare organizations. He loves solving complex real world business and data problems by bringing in leading-edge solutions that are cost effective, improve customer and employee experience. At Propelex he focuses on helping businesses achieve digital excellence using Smart Data & Cybersecurity solutions.

