Electric vehicle chargers present a unique risk. With enough knowledge, threat actors could tamper with cars or even turn off sections of the power grid. Addressing these security concerns is crucial since they will only grow as demand increases. cybersecurity Why Are EV Chargers a Cybersecurity Risk? chargers are a cybersecurity risk because most are unsecured and highly interconnected. Often, the units receive few updates and little oversight, so the issue only grows as their number increases. EV As the attack surface expands, it becomes easier for hackers to find new vulnerabilities. In 2021, the United States announced to the existing 100,000 with a $15 billion investment. After a fivefold increase like this, the country’s cybersecurity risk will grow significantly. its goal to add 500,000 stations Who Is at Risk of a Cybersecurity Incident? Every person using EV chargers or operating on a connected network is prone to a cybersecurity incident. Arguably, everyone is at risk, considering hackers could affect the power grid if they wanted. Drivers using slow chargers may be more at risk because they spend more time connected to a potentially infected unit. Since , most choose to take their time to save money. Doing so may make them more prone to a cybersecurity incident. quick charging is more expensive How Are Charging Stations Vulnerable? Charging stations have a variety of vulnerabilities because of their weak security measures or external connections. For instance, manufacturers and installers often integrate stations into building automation or management systems to monitor and control charging. The attack surface broadens because of this, increasing the risk of a cybersecurity incident. These are some of the known vulnerabilities affecting EV chargers: Anyone can collect network keys and inject malicious data into network sessions. Malicious data injection: Hackers can use malware to falsify a display’s battery charge level. Faulty display: : Using software-defined radio of power, hackers can wirelessly abort a charging session from nearly 155 feet away. Charging session disruption running on less than 1 watt With home charging stations, attackers can leverage unsecured networks to exploit many of the same system vulnerabilities. WiFi tampering: The demand for EVs , meaning there are likely many more vulnerabilities the general public isn’t aware of. is incredibly high and only growing What Cybersecurity Risks Do EV Chargers Pose? Spoofing, data theft, session disruption, and system tampering are some of the main cybersecurity risks of EV chargers. Each vulnerability leads to significant adverse outcomes. These are some of the most potentially severe cybersecurity risks: Individuals can steal personally identifiable information — like credit card numbers — after exploiting the EV-to-charger connection. The absence of transport layer security on public stations makes them incredibly susceptible to side-channel attacks. Information theft: If a hacker systematically hijacks chargers with a DDoS attack, they could bring down the power grid. In 2019, researchers at New York University Tandon found they only needed to simultaneously to blackout entire sections of a city. Distributed denial-of-service attack: exploit 1,000 EV-to-charger connections With malicious data injection, a hacker could steal credentials to spoof an EV. They could hijack charging sessions or launch a masquerade attack with this method. Credential theft: Hackers can spoof the connection between the charger and the vehicle. At best, this could result in power theft. At worst, it involves falsifying malfunction errors to prevent the EV from charging or operating effectively. Man-in-the-middle attack: It’s possible to extract a vehicle’s GPS data to manipulate how the station views its location, disrupting the charging process with similar effects to a DDoS attack. Charging session disruption: With enough knowledge, someone could bring entire sections of the power grid down using only a few charging EVs. They could also engage in a mass identity theft campaign or disable cars from operating. Who Is to Blame for the Charger Vulnerabilities? If anyone is to blame for charger vulnerabilities, it’s the federal government and suppliers like Tesla and Electrify America. They’re among the biggest providers of public charging stations, meaning cybersecurity is primarily their responsibility. In January 2023, of an Electrify America public charging station using only his phone. The vulnerability was evident because the unit’s screen displayed what looked like the back end. He accessed its internal computer after only a few seconds. an individual took complete control He only tampered with it to show his followers the vulnerability, admitting someone with more knowledge could skim personally identifiable information. While Electrify America made a statement admonishing his actions — stating unauthorized access is potentially a serious crime — it didn’t immediately take action beyond making a vague statement about investigating. Is Anyone Addressing the Cybersecurity Concerns? While some governments and companies have taken steps to address the cybersecurity concerns of EV charging, there are no widespread requirements as of 2023. Since there is no standardized protocol to follow, it effectively weakens the integrity of all systems. Industry experts project EVs will make up by 2035, making nearly 50% of all passenger vehicles electric. Government incentives may increase this figure even further. Since more will soon be on the road, who will monitor them and ensure they’re secure? 45% of new automotive sales The United Kingdom is among the few countries that have taken steps to increase charging station cybersecurity. It , data encryption, and information deletion options. Service providers must also provide regular updates to minimize the chances of vulnerability exploitation. requires they have credential authentication As of 2023, the United States Federal Highway Administration and Department of Transportation have for projects the government funds. While the requirements are a step in the right direction, their applications are incredibly narrow. only established minimum cybersecurity standards To address the cybersecurity concerns of EV charging, the government must step in to mandate minimum security measures and consumer safety requirements. This approach is especially critical, given how many of these vehicles will be on the road by 2030. The Future of EV Charger Cybersecurity Most charging stations aren’t secure because companies, installers or the buildings they connect to are lenient with cybersecurity. If EVs are to be the future of consumer transportation, they must address concerns swiftly.

This story contains new, firsthand information uncovered by the writer.

Do EV Chargers Present a Cybersecurity Risk?

Too Long; Didn't Read

@devinpartida

Credibility

RELATED STORIES