16 Aug 22

EV charging stations vulnerable to hackers – so how defend your fleet?

As a string of recent examples show, cybercriminals are increasingly targeting charging stations for electric vehicles. What are the risks for your fleet, and how do you defend yourself against these attacks? 

Cybercrime is an eternal online race between the good guys and the bad guys; hackers aim for the lowest-hanging fruit and move on as soon as a particular threat has been identified and the problem fixed. 

Easy targets

Among the targets currently in their sights are EV charging stations. Why? Because at the moment, it’s easy. And the potential for mayhem and extortion is great. Some recent examples. 

  • In late February, days after Russia invaded Ukraine, a hacker collective disabled EV charging stations along the main Moscow to St Petersburg motorway. The screens of the charging devices displayed “Glory to Ukraine”, “death to the invaders”, and similar slogans. 
  • In November 2021, a bug in the app of a car charging provider in the UK caused the leaking of the names, addresses and charge histories of thousands of its customers. In all, 140,000 users were put at risk of identification.
  • Also last year in July, researchers found security flaws that allowed them to remotely switch chargers on and off, lock and unlock the charging cable, and revoke the user’s permission to charge. In theory, this flaw would allow wrongdoers to charge their own EV for free. 

While these cases show the system’s vulnerabilities, they still fall short of a concerted, all-out assault on an EV charging network. This could take the form of a so-called ‘ransomware attack’: the intentional shutdown of an entire network of charging stations, unless and until the operators pay a ransom – which could run into millions of euros, dollars or pounds.

Backdoor access

Worryingly, the potential for trouble doesn’t end there. Access to a network of EV charging stations could also give backdoor access to the electricity grid itself, and even control over the EVs plugged into the charging stations. 

The main risk to the EVs is the same as to the network: denial of service, until a “compensation” is paid to the hackers. An additional risk is to do with the technical information your EV exchanges with the charging network, which could be an entry point for cybercriminals to track data or control certain aspects of the EV.

As yet, there are no known casese of a ransomware attack on charging stations. However, there currently are more than two million public charging stations around the world, with many more being added daily. This increases the target and the potential return for cybercriminals. Consequently, many experts think a cyberattack on an EV charging network is only a matter of time. 

“’(And t)hat would be a real risk, not only to the charging station, but to the critical infrastructure of a country”, Yoav Levy, CEO of Upstream Security, told NoCamels. Upstream Security is an Israeli startup specialising in securing connected vehicles from cyberattacks, and so far the only company worldwide providing completely software-based method of protecting EV charging networks. 

Common-sense suggestions

So, how can corporate fleets protect the EVs in their fleets from being hacked via compromised charging stations? While it is impossible to eliminate the risk entirely, here are some common-sense suggestions to keep your fleet safe. 

1. Awareness

Despite the aforementioned incidents, there have as yet not been any dedicated ransomware attacks on EV charging networks. It is, however, prudent to be aware of the risk, and to be able to fall back on sufficient charging capacity at the office, and/or via home charging. These more distributed types of EV charging are not as vulnerable to hacking as larger networks. 

2. Talk to your suppliers

Due to the fact that no such attacks have yet occurred, the threat to EV charging networks may not be on the radar of your supplier of EVs and EV charging solutions. Make sure they are, and discuss how they can help you minimize exposure to this risk. 

3. Charge wisely

Hackers typically opt for the easiest way in, for the lowest-hanging fruit. When faced with the choice of which EV charging network to use, make sure you select the one(s) with the better cybersecurity guarantees. 

Image: Kritzolina, CC BY-SA 4.0

Authored by: Frank Jacobs