The Increasing Need for Electric Vehicle Cyber Security
Did you know that experts predict 125 million electric vehicles on the road by 2030? If the International Energy Agency achieves their goal, this is a conservative estimate, as the [email protected] initiative hopes to make electric vehicles make up 30% of the cars on the road by 2030, totalling an incredible 220 million vehicles.
Electric vehicles are an exciting step forward in Smart Mobility, improving the quality of the air that we breathe, tackling issues such as noise pollution and greenhouse gas emissions, and working towards better energy security for the future. However, as with any new technology, especially one which controls the safety on our roads, security factors need to be considered front and center.
Hardware in electric vehicles may cause problems for OEMs
In developing countries, jump-starting initiatives such as electric vehicles could have incredible benefits for the economy at large. By cutting down on fuel imports, and working to reduce carbon emissions – politicians gain public support, with quick wins that seem to have no downside. But is this the case?
Looking at a country like India, the government has pledged to have a majority of electric vehicles on the roads by 2030, despite that number being almost non-existent currently. In order for this to happen, India will need to rely heavily on foreign exports such as Chinese manufacturers. In fact, according to PwC India, electric vehicle makers are forced to import as much as 80% of an EV, from the battery itself, to the battery management system. With this reality, the opportunities are ripe for manufacturers to leave backdoor entry points for malicious intent or collecting sensitive data. Sounds unlikely? This is reportedly what 30 US organizations, including giants Apple and Amazon are dealing with.
The risks are far greater than one vehicle or even one OEM. IoT enables an infected EV to communicate with its charging station, and from there to a network of vehicles, and even the electricity grid at large. While a wide-spreading risk to IT cybersecurity could be devastating to public image as well as cost millions to fix, a similar kind of attack on automotive could have the same impact – on top of a real and catastrophic effect on human lives. This is one reason why key stakeholders in India have asked for legislation to ensure that EVs and charging points have network segmentation technology enforced to reduce the associated risk.
Charging stations pose a cyber security risk for electric vehicles
The public has already seen examples of attackers leveraging electronic charging stations to cause damage. This is often done through the Near-Field Communication (NFC) card that is used to handle billing when drivers charge their EVs. Problems include third-party providers of the ID cards themselves, who often do not secure their customer data. Researchers have shown they are able to copy these cards and use them to charge their vehicles, with the bill going to the associated account.
Additionally, many of the charging stations that are being used today use an out of date Open Charge Point Protocol based on HTTP, which does not encrypt data or communications. This could lead to relay or man-in-the-middle attacks where attackers leverage a seemingly legitimate signal such as WiFi. This vulnerability could also allow attackers to rewire charging requests altogether, and gain root access to the station.
USB ports on charging stations could also be used for malicious intent that could directly affect driver privacy. Through a simple flash drive, logs and data can be copied to the drive, giving attackers not only the data on the OCPP server itself, but also confidential information on users of the charging point, allowing attackers to copy their ID numbers or even track their location.
Stay on top of electric vehicle cyber security
Most OEMs, Fleets and other key electric vehicle stakeholders rely on security in silos to manage this increasingly complex environment, whether in-vehicle security, or network security. Many businesses also feel forced to trust third-party manufacturers and public provided resources, feeling like they have no other choice in the absence of information or control.
Automotive cloud security is different. Sitting centrally rather than at any endpoint, data is normalized and aggregated into one easy to read dashboard, collected from all relevant streams to give stakeholders a full picture of the data flows in their environment. This single source of truth makes it easy to spot threats to your network and identify anomalies ahead of time.
In an environment as emergent as electric vehicles, and with Black hat attacks surpassing research-based White hat attacks for the first time, many businesses simply don’t know what to look out for yet. This single pane of glass approach is the only solution that keeps you ahead of the game.
Upstream’s 2023 Global Automotive Cybersecurity Report
Follow the Data: Connected Vehicles & Beyond
Automotive OEMs executives deal every day with at least four strategic challenges: Reputational risk limitation Regulatory compliance Recall costs minimisation Reliability of service and customer…Read more
The Future of Fleet Security: Are Autonomous Vehicles Secure?
In recent years, the delivery industry has seen a significant shift towards electrification and autonomous vehicles in an effort to streamline services and improve efficiency.…Read more
The Race to Autonomous Mobility May Be Slowed Down by Hackers
Electric-driven and fully autonomous mobility services have the potential to solve some of the world’s biggest transportation challenges. They are bound to revolutionize the automotive…Read more
The Power Grid Must Be Protected, But Are EV Charging Stations Secure?
The widespread adoption of electric vehicles (EVs) depends on a robust and reliable network of charging stations. However, as the number of EVs on the…Read more