EV Charger Hacking: Beware of a New Cyber Threat

by Technology Journalist
website:https://www.techopedia.com/

The push is on to get more electric vehicles on the road. But in the rush to roll out charging infrastructure, security is stuck in the slow lane. Worrying vulnerabilities in plug-in systems could hand hackers the keys to personal data, give them control over vehicles, or allow them to disrupt local power grids by switching on hundreds or even thousands of chargers simultaneously.

With another million or so EVs coming into service every year in both the US and Europe, securing end-points on an extensive, remotely-located, and physically exposed network of internet-connected power units presents a major roadblock. If drivers are to overcome range anxiety – and watchdog agencies are to be convinced that charging systems won’t compromise critical energy infrastructure – it needs to be removed.

Key Takeaways

  • Many electric vehicle chargers have technical vulnerabilities that leave drivers exposed to cyberattacks.
  • The issues are well known, but the race to replace internal combustion engines with battery-powered motors means cybersecurity sometimes takes a back seat.
  • There’s already a yawning gulf between the number of publicly available EV chargers and the number of EVs on the road. Home charging units are a must for most EV owners.
  • But consumer EV chargers lack coherent security standards. For now, drivers should take basic steps to ensure their chargers are as hack-proof as possible.

How EV Charger Hacking Threatens Personal Data & the Power Grid

Shock to the System

The average new car contains between 100 and 150 million lines of code, with electric vehicles coming in at the higher end of the spectrum. As manufacturers add ever more electronic control units (ECUs) to support new functionality and connectivity, figures from Peugeot predict the number will soon inflate to 300 million.

So much code complexity creates an enormous attack surface and a new cybersecurity threat that crims and fraudsters are keen to exploit.

Connecting an EV to a charging station could be all a future hacker needs to trigger an attack.

Researchers at Check Point Software recently wrote that EV charging points and the cloud networks they connect to can have fundamental weaknesses. They said:

“Given their dispersed nature, EV charging sites and distributed energy networks rely heavily on internet connectivity and SaaS platforms for remote management, maintenance, and energy network optimization.”

Check Point says charging networks, built on unique architectures, protocols, and energy flow controls, are riddled with EV cybersecurity risks, including:

  • Unprotected internet connections
  • Lack of network segmentation
  • Rudimentary authentication and encryption requirements
  • Unmanaged energy assets

Those vulnerabilities have led to some high-profile – if relatively harmless – incidents. EV charging stations on the Moscow-St. Petersburg highway were hacked at the start of the Ukraine war in 2022, running anti-Putin messages across their displays.

A few months later, three parking lot charging stations on the UK’s Isle of Wight were hacked to display pornography. A more serious threat was discovered by Shell last year, compelling it to patch a database that could have exposed personal data contained in millions of charging logs generated by its extensive EV charging network.

Evidence Mounts of a Growing Threat

It’s not the first time security experts have sounded the alarm on EV chargers. In 2020, researchers at New York University (NYU) conducted a simulated cyberattack on multiple high-wattage charging stations in Manhattan.

Using public data from the New York branch of ISO, the US Energy Information Administration, and other sources, they found that if hackers could simultaneously switch on the chargers of 1,000 electric vehicles, it would be enough to overstretch and crash the local power grid, causing a city-wide blackout.

Professor Ramesh Karri of NYU’s Tandon School of Electrical and Computer Engineering said:

“[The simulation was] a wake-up call that should encourage the public and policymakers to take steps to protect the data generated between electric cars and charging stations – most of which could be co-opted by a hacker with college-level skills.”

More recently, a study from Concordia University in Montreal noted multiple classes of what researchers called severe vulnerabilities, including the ability to remotely switch chargers on or off or use them as launchpads to install malware.

How EV Hackers Break In

In 2021, UK cybersecurity lab Pen Test Partners conducted tests of six popular home EV plug-in chargers and uncovered multiple issues:

  • One charger used an outdated Raspberry Pi compute module with an easily detachable circuit board containing sensitive data like access credentials and the local Wi-Fi network’s pre-shared key.
  • Another required no user authorization. By simply using a short and predictable device ID, they were able to gain access and take full control of the charger.
  • The same product also lacked firmware signing, meaning malicious firmware could be installed remotely, making the charger a potential vector for entering the home network.

This year, researchers at VicOne’s cyberthreat research lab discovered vulnerabilities in EV chargers sold by Emporia, an award-winning maker of home energy management tools.

They found an exposed serial programming interface on the Emporia EV charger’s circuit board that could allow attackers to “tamper with controls, replace the firmware, steal sensitive information, obtain root access, or alter the device to carry out other attacks.”

In an echo of the Concordia findings, those weaknesses could have given hackers the power to control when and how electric vehicles charge up.

At the nuisance end of the scale, that might mean frustrated commuters waking up to find their batteries empty; at the riskier end, it could open the door to a mass attack of the kind modeled by NYU – something a nation-state-level adversary would surely find interesting.

What the Industry Is Doing About It

As national charging infrastructure build-outs gain pace, governments, regulators, and device manufacturers are taking steps to address the EV charger hacking problem.

The Biden administration’s 2021 Infrastructure Law included $7.5 billion in funding to expand America’s electric vehicle charging network. Last year the White House published an update on the initiative that included new cybersecurity standards for plug-in EV chargers.

In the UK, electric vehicle regulations announced in 2021 set out specific security requirements for EV chargers, including alerts when tampering is detected, minimum standards for encryption and authentication, plus randomized delay capability. That would help minimize the impact of a grid-level attack by giving each charger a random on/off time delay of up to ten minutes.
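The effect of that randomized delay can be shown with a short simulation. This is an added example, not code from the article or from the UK regulation: the 1,000-charger fleet is the figure from the NYU scenario above, while the 7 kW per charger, the 10-second measurement window and all function names are assumptions.

```python
import bisect
import random

CHARGERS = 1000      # fleet size used in the NYU scenario described above
MAX_DELAY_S = 600    # "up to ten minutes" randomized delay
CHARGER_KW = 7.0     # assumption: power drawn by one home charger
WINDOW_S = 10        # assumption: interval over which a load step is measured


def start_times(n, max_delay_s, rng):
    """Every charger gets the 'on' command at t=0 and waits its own random delay."""
    return sorted(rng.uniform(0, max_delay_s) for _ in range(n))


def load_kw_at(times, t, charger_kw=CHARGER_KW):
    """Total load at time t: chargers whose delay has elapsed."""
    return bisect.bisect_right(times, t) * charger_kw


def worst_step_kw(times, window_s=WINDOW_S, charger_kw=CHARGER_KW):
    """Largest load increase inside any sliding window of window_s seconds."""
    worst, lo = 0, 0
    for hi, t in enumerate(times):
        while t - times[lo] > window_s:
            lo += 1
        worst = max(worst, hi - lo + 1)
    return worst * charger_kw


def compare(seed=2025):
    rng = random.Random(seed)  # seeded so the run is repeatable
    simultaneous = start_times(CHARGERS, 0, rng)
    staggered = start_times(CHARGERS, MAX_DELAY_S, rng)
    return {
        "step_without_delay_kw": worst_step_kw(simultaneous),
        "step_with_delay_kw": worst_step_kw(staggered),
        "final_without_delay_kw": load_kw_at(simultaneous, MAX_DELAY_S),
        "final_with_delay_kw": load_kw_at(staggered, MAX_DELAY_S),
    }


if __name__ == "__main__":
    for name, value in compare().items():
        print(f"{name}: {value:.0f}")
```

The delay leaves the final load unchanged and only limits how quickly it arrives, which is why it reduces the impact of a mass switch-on rather than preventing one.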

Concerns remain. The new standards announced by the White House only apply to those devices funded by the infrastructure bill, meaning the estimated 100,000 plus home units installed by US consumers aren’t covered. There are also questions about what constitutes best practice in EV charger security.

The US National Institute of Standards and Technology (NIST) is developing a risk-based security framework for plug-in EV chargers to guide future regulation, while the Department of Energy’s Sandia National Laboratory has published recommendations for charger manufacturers.

As rules, standards, and definitions evolve, experts agree that a comprehensive set of rules for EVs modeled on the US Protecting and Transforming Cyber Health Care Act of 2022 should be the end goal.

What Drivers Can Do

For now, the range of options available to drivers for enhancing EV charger security is limited.

Unlike cars with an internal combustion engine, which fill their tanks with a physical liquid, EV batteries are filled with electrons. For charging to happen, a data connection must be established between the charger and the vehicle.

By definition, that means EVs could be vulnerable to hacking. To minimize the risk and enhance your electric vehicle’s cybersecurity, experts suggest doing three things:

  1. Avoid dodgy chargers. Cut-price or lesser-known brands sourced from downscale e-commerce sites could have weak or non-existent encryption and authentication measures or come with software flaws that can be exploited by hackers.
  2. Keep software and firmware up-to-date. If you receive a notification that a new EV charger software patch is ready for installation, don’t delay.
  3. Stay offline. If the device allows it, don’t connect it to the internet – or only connect occasionally to get the latest software updates. Restricting chargers to hands-on use means you’ll lose some remote functionality, but you’ll also make it harder for cybercriminals to compromise or zombify them from afar.

The Bottom Line

There’s a big disparity between the number of publicly available EV chargers and the number of EVs on US roads, with roughly 192,000 plug-in points for more than 3.3 million vehicles.

Despite an estimated 1,000 new chargers being added to public networks each week, home units with consumer-grade security protection are needed to fill the gap.

With millions of EVs already in service and millions more predicted by 2030, locking down public and private EV charger security will be a make-or-break requirement for keeping the EV transition on track.


 


Post time: Jan-03-2025