Rapid Growth of EV Charger Networks Comes With Major Security Threats

As Americans head out on vacation this summer, more and more of them are hitting the road in electric vehicles. Like it or not, that trend looks like it will continue as states like Virginia and Washington follow California’s lead in imposing 100 percent electric vehicle (EV) sales timelines. Falling EV prices are predicted to open the market to less affluent drivers. Meanwhile, Ford Motor announced this week that it has agreed to a massive $9.2 billion federal loan to build three electric vehicle plants as part of President Joe Biden’s push to supercharge EV production. A rapidly expanding EV charging infrastructure supports the vehicles’ growth spurt. However, the charging stations come with major security risks, experts say, giving the “silent majority” who aren’t on board with wholesale EV adoption yet another reason to be skeptical. An Increasing Number of Cyber Attacks With the rapid growth and evolving technology of EV infrastructure, the United States and Europe are seeing an increasing number of cyber-attacks related to EV charging systems. Experts fear that security risks are keeping pace with the rapid expansion of EV charging stations across the United States, with hackers able to access drivers’ payment data and worse. In a worst-case scenario, cyber terrorists could weaponize thousands of vehicles, taking control of them remotely in order to cause power grid blackouts. According to the U.S. National Institute of Standards and Technology (NIST), EV charging stations collect sensitive information including payment data. Because they are connected to the power grid, an attack could have cascading effects on consumer privacy and on the grid itself. Even with EV charging companies taking all known steps to protect charging systems, hackers can locate access points in communication channels, leaving chargers open to data tampering or even distributed denial of service (DDoS) attacks. What makes all of this even more nefarious is that attackers can be thousands of miles away. A report from cloud solutions provider Enterprise Engineering Solutions says hackers can gain control of charging stations and access vehicle control systems and ID and credit card information. They could disable networks, sensors, cameras, steering, and brakes, resulting in collisions. ‘Prevention Is Always Preferable’ Elias Bou-Harb, Ph.D., directs the Cyber Center for Security and Analytics at the University of Texas, San Antonio. “Monitoring in real time and dealing with attacks as they happen are important aspects of an overall security strategy, but prevention is always preferable,” Bou-Harb told in an emailed statement. “Empirically, we continue to see escalated attacks on such infrastructure, including remote and physical attacks.” “Cyber-attacks on charging stations can be prevented to a large extent through proper security measures and protocols. While it’s challenging to achieve 100 percent prevention, proactive steps can significantly reduce the risk of attacks,” Bou-Harb added. Electrify America charging station (Courtesy of Electrify America) During a study of charging stations, Bou-Harb and fellow researchers found significant vulnerabilities. They did an in-depth security analysis on 16 points of the EV charging system, such as firmware, mobile, and web app, and discovered a range of vulnerabilities. They highlighted the 13 areas of most concern, such as missing authentication and cross-site scripting. The researchers noted that cybersecurity criminals could steal credentials and access user data. Other vulnerabilities included the ability to manipulate firmware, allowing criminals to launch more complex attacks. To prevent the theft of consumer information and EV compromise, Bou-Harb said EV charging companies should implement robust authentication and authorization mechanisms, to ensure that only authorized users can access and use the stations. In addition, Bou-Harb recommended encrypting communication between the charging infrastructure and back-end systems to protect data in transit. Charging station software and firmware should be regularly updated to address known vulnerabilities. Security audits should be conducted regularly and penetration testing done to identify and address potential weaknesses. Finally, staff should be trained to recognize and respond to potential cyber threats. Protect Your Vehicle Bou-Harb suggests car owners keep their vehicles’ software up to date by installing the latest firmware and security patches; using strong and unique passwords for their EV accounts and charging apps; avoiding connecting vehicles to unsecured charging stations; and reporting suspicious account activity. Another basic precaution is to detach dongles. The small devices that plug into the diagnostic port and allow companies to monitor driving habits can be an easy entry point for hackers and should be disconnected when the EV is not in use. Hackers can also intercept wireless fob si

Rapid Growth of EV Charger Networks Comes With Major Security Threats

As Americans head out on vacation this summer, more and more of them are hitting the road in electric vehicles.

Like it or not, that trend looks like it will continue as states like Virginia and Washington follow California’s lead in imposing 100 percent electric vehicle (EV) sales timelines.

Falling EV prices are predicted to open the market to less affluent drivers.

Meanwhile, Ford Motor announced this week that it has agreed to a massive $9.2 billion federal loan to build three electric vehicle plants as part of President Joe Biden’s push to supercharge EV production.

A rapidly expanding EV charging infrastructure supports the vehicles’ growth spurt.

However, the charging stations come with major security risks, experts say, giving the “silent majority” who aren’t on board with wholesale EV adoption yet another reason to be skeptical.

An Increasing Number of Cyber Attacks

With the rapid growth and evolving technology of EV infrastructure, the United States and Europe are seeing an increasing number of cyber-attacks related to EV charging systems.

Experts fear that security risks are keeping pace with the rapid expansion of EV charging stations across the United States, with hackers able to access drivers’ payment data and worse.

In a worst-case scenario, cyber terrorists could weaponize thousands of vehicles, taking control of them remotely in order to cause power grid blackouts.

According to the U.S. National Institute of Standards and Technology (NIST), EV charging stations collect sensitive information including payment data. Because they are connected to the power grid, an attack could have cascading effects on consumer privacy and on the grid itself.

Even with EV charging companies taking all known steps to protect charging systems, hackers can locate access points in communication channels, leaving chargers open to data tampering or even distributed denial of service (DDoS) attacks. What makes all of this even more nefarious is that attackers can be thousands of miles away.

A report from cloud solutions provider Enterprise Engineering Solutions says hackers can gain control of charging stations and access vehicle control systems and ID and credit card information. They could disable networks, sensors, cameras, steering, and brakes, resulting in collisions.

‘Prevention Is Always Preferable’

Elias Bou-Harb, Ph.D., directs the Cyber Center for Security and Analytics at the University of Texas, San Antonio. “Monitoring in real time and dealing with attacks as they happen are important aspects of an overall security strategy, but prevention is always preferable,” Bou-Harb told  in an emailed statement. “Empirically, we continue to see escalated attacks on such infrastructure, including remote and physical attacks.”

“Cyber-attacks on charging stations can be prevented to a large extent through proper security measures and protocols. While it’s challenging to achieve 100 percent prevention, proactive steps can significantly reduce the risk of attacks,” Bou-Harb added.

Epoch Times Photo
Electrify America charging station (Courtesy of Electrify America)

During a study of charging stations, Bou-Harb and fellow researchers found significant vulnerabilities. They did an in-depth security analysis on 16 points of the EV charging system, such as firmware, mobile, and web app, and discovered a range of vulnerabilities. They highlighted the 13 areas of most concern, such as missing authentication and cross-site scripting.

The researchers noted that cybersecurity criminals could steal credentials and access user data. Other vulnerabilities included the ability to manipulate firmware, allowing criminals to launch more complex attacks.

To prevent the theft of consumer information and EV compromise, Bou-Harb said EV charging companies should implement robust authentication and authorization mechanisms, to ensure that only authorized users can access and use the stations.

In addition, Bou-Harb recommended encrypting communication between the charging infrastructure and back-end systems to protect data in transit. Charging station software and firmware should be regularly updated to address known vulnerabilities. Security audits should be conducted regularly and penetration testing done to identify and address potential weaknesses.

Finally, staff should be trained to recognize and respond to potential cyber threats.

Protect Your Vehicle

Bou-Harb suggests car owners keep their vehicles’ software up to date by installing the latest firmware and security patches; using strong and unique passwords for their EV accounts and charging apps; avoiding connecting vehicles to unsecured charging stations; and reporting suspicious account activity.

Another basic precaution is to detach dongles. The small devices that plug into the diagnostic port and allow companies to monitor driving habits can be an easy entry point for hackers and should be disconnected when the EV is not in use.

Hackers can also intercept wireless fob signals, amplifying the fob’s signal to trick the car into thinking the fob is closer than it really is in order to unlock the vehicle. It’s a good practice to store the fob in a metal box to block the signal.

Wireless services in a car can also be a point of entry. Users should disable seldom-used wireless features. This reduces the extent to which an attacker can interfere with the vehicle.

Alarmingly Easy to Hack

Sometimes, hacking an EV or EV charger is altogether too simple.

Ryan H. Levenson, founder of EV promotion and rental company The Kilowatts, was able to gain access to an Electrify America charger and went on Twitter to expose the major security issue. He posted videos showing how he was able to take control of the charger using a simple app. Levenson asked the company to fix the security issue.