Security and the Electric Vehicle Charging Infrastructure

Stopspying

With more countries reaching the tipping point for electric vehicle (EV) adoption, it's more urgent than ever for the public and private sectors to invest in EV charging infrastructure. A robust and highly secure EV charging ecosystem is essential for ensuring network availability and stability, providing a seamless charging experience to drivers, and achieving zero-emission transportation.
The good news is that EV charging infrastructure build-out is gaining momentum. The downside is that cybersecurity risks are growing along with the charging infrastructure, and cybercriminals are starting to take notice.
Today, EV chargers themselves are the primary target, with hacks ranging from planting ransomware to hijacking charger message screens with politically motivated or objectionable content. In a major wakeup call to manufacturers, a white-hat security specialist demonstrated EV charger hardware and software vulnerabilities. Recent hacks have also shown that EVs, too, are at risk.

The Vulnerabilities Are Broader Than Chargers and EVs

The communications networks that connect chargers with their management system, the personal data that travels across those networks, the charge-point operators collecting payments, and the grid itself are increasingly vulnerable as the EV ecosystem grows and the attack surface expands. The risks include (but are not limited to):
  • Disruption of operations for public charger networks, rendering large numbers of chargers unusable and interfering with transportation
  • Takeover of charger networks to use the chargers as bots in massive distributed denial-of-service (DDoS) attacks
  • Theft of customers’ personally identifiable information (PII), including payment card information
  • Fraudulent payments for electricity used in EV charging
  • Disruption to the power grid, leading to blackouts and equipment damage
  • Damage to the EV charging provider's reputation
As IT security experts know, whenever you have digital communications between two points, you have a potential vulnerability. When an EV plugs in to a networked charger, a cascade of bidirectional communications between multiple computers ensues — between the vehicle and the charger, the charger and the driver's mobile app, the charger and the grid, the charger and the back-end management system, the management system and a payment gateway, and the management system and the charge-point operator. That's a broad attack surface....

 

MuzzMelbourne

In February, researchers with energy-network cybersecurity firm Saiflow discovered two vulnerabilities in the Open Charge Point Protocol (OCPP) that could be used in a distributed denial-of-service (DDoS) attack and to steal sensitive information. And the Idaho National Laboratory recently found that every charger it examined — more formally known as Electric Vehicle Supply Equipment (EVSE) — was running outdated versions of Linux, had unnecessary services, and allowed many services to run as root, according to a survey of EV charging vulnerability research in the journal Energies. Other potential attacks include adversary-in-the-middle (AitM) and services exposed to the public Internet, according to the paper.

 
