The increasing connectivity of electric vehicles, charging stations and power grids is opening the door to a myriad of possibilities. However, it also entails an inherent cyber-security risk.
Last year, British company Pen Test Partners uncovered a number of serious cyber-security vulnerabilities in different chargers and public charging networks.
For example, some charging solutions allowed cyber-attacks that could have led to accounts on millions of smart chargers being hijacked. Moreover, several charger platforms had API authorisation issues, allowing accounts to be taken over and chargers to be controlled remotely.
The company also highlighted the risk of the electricity grid becoming unstable if a large number of chargers were to be switched on and off synchronously.
“The technology is advancing swiftly and there is a growing need to focus on the cyber security of electric vehicles”, says Timothy Zeilman, Vice President of HSB, part of Munich Re.
“With the rush to make the switch to electric cars and trucks, owners and the EV industry should step up their efforts to protect vehicles and charging infrastructure from cyber-attacks.”
“A lot of vending machines are better protected than charging stations.”
Thomas R. Köhler, cyber-security and data protection expert and member of the Board of Directors of Juice Technology
Considering the system as a whole
However, according to Juice Technology (a manufacturer of charging solutions for electric vehicles), all the market players involved – i.e. energy companies and manufacturers of charging stations and cars – have so far only tended to focus on the security of their part of the ecosystem.
As such, it is crucial to keep the system as a whole in mind. Ultimately, the entire infrastructure is a target for attacks.
“A lot of vending machines are better protected than charging stations,” said Thomas R. Köhler, cyber-security and data protection expert and member of the Board of Directors of Juice Technology.
“The possibilities for cyber-attacks are many and varied, and not very complex, either. An attacker can cull or manipulate data in poorly secured electronics, and thereby take control of the system and misuse it for all kinds of criminal activities.”
The risk can be reduced
Researchers at the Concordia Institute for Information Systems Engineering in Canada also found vulnerabilities in charging stations, some of which were major.
The researchers recommend a range of risk mitigation measures that manufacturers could take.
However, the ease and efficiency with which each solution can be implemented depends on how complex the vulnerability is, explains Tony Nasr, the lead author of the study:
“Each vulnerability has its own case and requires a proper level of sophistication to resolve.”
Chadi Assi, a professor at the Concordia Institute for Information Systems Engineering and the paper’s supervising author, adds: “We are about to see an exponential rise in EVs on the road. But without secure charging infrastructure, customers will be reluctant to commit to electric cars.”
