Charging Station’s Cybersecurity Risks Endanger EV Adoption
Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it with range optimism.
During this critical adoption period, EV owners are for the first time trusting the EV ecosystem enough to plan nationwide charging stops throughout their journey, just as they have done with gas stations for decades. The mere sight of charging stations is a signal to car and fleet buyers that this long-promised technology has come to fruition and they too can experience such luxuries as an EV.
What OEMs, Tier-1s, and Tier-2s know is that the highly connected nature of charging stations, along with the vehicles they empower, is far from secure.
Charging station’s cybersecurity hurdles
Charging stations offer hackers a wide surface area full of cybersecurity gaps via new technological deployments, which grant access directly to connected vehicle data.
Some OEMs have begun implementing security by design features, such as designating a limited-access ECU as the charging station liaison. Others are relying on software-based technologies. But as we saw in the Tier-1 cybersecurity webinar, vehicle components can only secure against attacks for a limited period of time. Eventually, hackers learn to skirt around these protections. For example, a group of automotive hackers found a way to wirelessly abort vehicle charging en masse from up to 47m (151ft) away. This process, called “Brokenwire” can have mass implications if the charging of emergency or government vehicles were stopped and did not have enough energy for their shifts.
White-hat hackers have already begun tampering with popular at-home and commercial charging stations. The white paper, Protecting Commercial Vehicles: Continuous Operation and Uptime Amidst Cybersecurity Threats, explores a recent study, which demonstrated how all major charging station manufacturers failed to follow critical security protocols, such as a lack of firmware update authentications, standardized passwords on APIs, and more.
These cybersecurity failures not only put assets in danger- they put decades of progress and a flourishing EV ecosystem at risk.
Charging stations are a natural companion to EV adoption but risk and liabilities are not shared evenly. Together, they create a key pillar in what the future of automotive can be: Green, efficient, and electrified.
Charging station companies are working to build their reputations through marketing, partnerships, and organic growth avenues, pushing the limits and convenience of the EV revolution. While this serves to the benefit of OEMs, it also presents dangers to their assets, as well as their reputations.
It’s critical to take into account that consumers and commercial industries are testing the waters of putting critical operations in the hands of electrification adoption. This can take the form of a family road trip or a company trusting that a truck can charge as it makes critical cross-country deliveries. Regardless, an automotive cybersecurity breach on the side of a charging station vendor will ultimately fall on the shoulders of OEMs.
Consider two scenarios:
- An automotive OEM partners with a new company, ChargingCo, which has networks across the American South West. Minutes after a consumer plugs in their EV at a rest stop, they get a notification that their battery has been depleted- later learning on the news that a region-wide hack has bricked all an OEMs vehicles.
While the blame may not be on the OEM, the reputational damage will be
- A heavy-vehicle OEM pushed an update to their vehicles that did not take into account a patch that blocks charging stations from extracting critical data from a fleet. Soon, a company discovers that vehicle routes and common locations are for sale on the dark web as a result of this vulnerability.
As the OEM and charging company figures out who’s truly at fault, the court of public opinion has already found the vehicle manufacturer at fault, resulting in costly campaigns and damaged reputations.
- A piece of malware penetrates a charging station network, targeting one OEM and unraveling manufacturer reputations that took generations to develop. An attack can also expose personal data, giving hackers insight into a vehicle’s charging habits, locations, and other personal information.
It still remains to be seen if a single charging station manufacturer will develop enough market share to become a household name. In the meantime, it is the automotive OEMs who are putting their names on the line.
V2G & V2X Infrastructure hazards
To support the rapid rise of EV adoptions, critical infrastructure and increased connectivity are promising to rethink energy distribution and reimagine how we share the road.
Vehicle to grid (V2G) connectivity relies on two-way power flow, allowing for stored energy to be redistributed back into the grid from inactive vehicles when power demands peak. By hacking into charging stations, vehicles of a certain type or in a controlled region may be programmed to simultaneously demand or send power at a specific time, overloading the power grid.
For vehicle to everything (V2X) applications, a compromised vehicle can be a hazard to pedestrians, networks, cloud data, and other critical road-safety initiatives.
Upstream’s 1000th Automotive Cybersecurity Incident: Use NFC Card to Gain Control in 130 Seconds
As a part of Upstream’s ongoing effort to monitor, analyze and assess the impact of automotive-related cybersecurity incidents and vulnerabilities, we recently marked an important…Read more
Charging Station’s Cybersecurity Risks Endanger EV Adoption
Automakers and consumers are experiencing a breakthrough in electronic vehicle (EV) adoptability. Wide-spread easily accessible charging station networks are quelling range anxiety and replacing it…Read more
Protecting Vehicles Requires a Fresh Outlook on Product Cybersecurity
Cybersecurity is an ever-transforming realm. As vehicles become significantly more connected, the threat landscape increases exponentially. In the race between threat actors and security teams,…Read more
Cybersecurity for Connected Vehicles: From Cost Centre to Value Centre (Part 2)
This blog is part of a series on the monetization of connected vehicles through cloud-based agentless cybersecurity tools, written by Ric Vicari, Upstream’s UK-based VP…Read more