Charging Station’s Cybersecurity Risks Endanger EV Adoption

RAFI SPIEWAK

Content Marketing Manager

Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it with range optimism.

During this critical adoption period, EV owners are for the first time trusting the EV ecosystem enough to plan nationwide charging stops throughout their journey, just as they have done with gas stations for decades. The mere sight of charging stations is a signal to car and fleet buyers that this long-promised technology has come to fruition and they too can experience such luxuries as an EV.

What OEMs, Tier-1s, and Tier-2s know is that the highly connected nature of charging stations, along with the vehicles they empower, is far from secure.

Charging station’s cybersecurity hurdles

Charging stations offer hackers a wide surface area full of cybersecurity gaps via new technological deployments, which grant access directly to connected vehicle data.

Some OEMs have begun implementing security by design features, such as designating a limited-access ECU as the charging station liaison. Others are relying on software-based technologies. But as we saw in the Tier-1 cybersecurity webinar, vehicle components can only secure against attacks for a limited period of time. Eventually, hackers learn to skirt around these protections. For example, a group of automotive hackers found a way to wirelessly abort vehicle charging en masse from up to 47m (151ft) away. This process, called “Brokenwire” can have mass implications if the charging of emergency or government vehicles were stopped and did not have enough energy for their shifts.

White-hat hackers have already begun tampering with popular at-home and commercial charging stations. The white paper, Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats, explores a recent study, which demonstrated how all major charging station manufacturers failed to follow critical security protocols, such as a lack of firmware update authentications, standardized passwords on APIs, and more.

These cybersecurity failures not only put assets in danger- they put decades of progress and a flourishing EV ecosystem at risk. They also makes us recognize the increasing need for electric vehicle cyber security.

Ecosystem Dangers

Charging stations are a natural companion to EV adoption but risk and liabilities are not shared evenly. Together, they create a key pillar in what the future of automotive can be: Green, efficient, and electrified.

Charging station companies are working to build their reputations through marketing, partnerships, and organic growth avenues, pushing the limits and convenience of the EV revolution. While this serves to the benefit of OEMs, it also presents dangers to their assets, as well as their reputations.

It’s critical to take into account that consumers and commercial industries are testing the waters of putting critical operations in the hands of electrification adoption. This can take the form of a family road trip or a company trusting that a truck can charge as it makes critical cross-country deliveries. Regardless, an automotive cybersecurity breach on the side of a charging station vendor will ultimately fall on the shoulders of OEMs.

Consider two scenarios:

  1. An automotive OEM partners with a new company, ChargingCo, which has networks across the American South West. Minutes after a consumer plugs in their EV at a rest stop, they get a notification that their battery has been depleted- later learning on the news that a region-wide hack has bricked all an OEMs vehicles.
    While the blame may not be on the OEM, the reputational damage will be
  2. A heavy-vehicle OEM pushed an update to their vehicles that did not take into account a patch that blocks charging stations from extracting critical data from a fleet. Soon, a company discovers that vehicle routes and common locations are for sale on the dark web as a result of this vulnerability.
    As the OEM and charging company figures out who’s truly at fault, the court of public opinion has already found the vehicle manufacturer at fault, resulting in costly campaigns and damaged reputations.
  3. A piece of malware penetrates a charging station network, targeting one OEM and unraveling manufacturer reputations that took generations to develop. An attack can also expose personal data, giving hackers insight into a vehicle’s charging habits, locations, and other personal information.

It still remains to be seen if a single charging station manufacturer will develop enough market share to become a household name. In the meantime, it is the automotive OEMs who are putting their names on the line.

V2G & V2X Infrastructure hazards

To support the rapid rise of EV adoptions, critical infrastructure and increased connectivity are promising to rethink energy distribution and reimagine how we share the road.

Vehicle to grid (V2G) connectivity relies on two-way power flow, allowing for stored energy to be redistributed back into the grid from inactive vehicles when power demands peak. By hacking into charging stations, vehicles of a certain type or in a controlled region may be programmed to simultaneously demand or send power at a specific time, overloading the power grid.

For vehicle to everything (V2X) applications, a compromised vehicle can be a hazard to pedestrians, networks, cloud data, and other critical road-safety initiatives.

Newsletter Icon

H1'2022 Automotive Cyber Trend Report

Newsletter Icon

Subscribe
to our newsletter

Sign up to receive updates delivered to your inbox

NHTSA Updates US Cybersecurity Guidelines for Vehicles

Connected and software-defined vehicles technologies are on the rise, offering customers a better user experience, and introducing new monetization strategies for OEMs. Given the rising…

Read more

Upstream Partners with Salesforce, Putting Connected Vehicle Data in Motion

The automotive industry is undergoing a massive transformation, building new revenue streams and business opportunities. Connected vehicle and smart mobility data are at the core…

Read more

Securing Smart Mobility Requires a Fresh Approach to API Security

Connected vehicles and smart mobility services use numerous APIs. Everything from OEM-driven companion apps, infotainment systems, OTA servers, telematics servers, and EV charging management or…

Read more

EV Charging Stations Cyber Vulnerabilities Could Be EVs Achilles Heel

Electric vehicles (EVs) are a critical pillar of the global automotive revolution we’re experiencing today. Over the next five years, the US government will invest…

Read more