Fast Charging’s Rapid Rise Raises EV Security Risks

Getting the public on board with electric vehicles involves improving charging times and battery capacity. DC fast charging is the most widespread option at public charging stations, letting drivers return to the road in under an hour. 

However, while these chargers are efficient, they’ve introduced cybersecurity and other risks worldwide. How can the charging industry address these issues?

A Tesla Supercharger services a car at a New Jersey charging station. Image used courtesy of Unsplash

How Has Fast Charging Raised Security Concerns?

DC fast chargers support modern EV infrastructure through efficiency and high power. However, various security concerns have inhibited growth and caused issues worldwide. 

Physical Damage to EV Chargers

One security concern is physical damage to public EV charging stations. These machines contain valuable parts that thieves can sell on the black market for a profit. The inverter is a prominent target because it could be used in other industries. Some devices can reach up to 1,000 watts, so enhanced security measures are necessary to protect chargers. 

DC fast chargers are also targets of physical damage because of their copper and aluminum. Increasing EV adoption and public charging stations means more opportunities to steal these metals. The copper and aluminum in DC fast chargers have high melting points and can more easily withstand heat, thus making them more valuable for other uses. 

Compromised Privacy for Charger Users

While physical security protects from vandalism, more measures are necessary to enhance cybersecurity. Fast chargers increase connectivity between vehicles and power grids, requiring data transmission with each session. Using the stations means clients are vulnerable to their information being compromised, potentially on a massive scale. Therefore, the industry must tackle these concerns.

Public fast chargers are at risk because they require payment for each session. Users reveal sensitive details like credit card numbers and bank account information. Outside threats could mean leaked payment information or denial-of-service (DoS) attacks to disrupt normal operations. Experts say cyberattacks affected 343 million people in 2023, so breaches at a fast charger would be detrimental. 

The cyber-physical structure of public EV chargers. Image used courtesy of the Department of Energy

Threatened EV Charger Networks

If a network is threatened, fast chargers could stop working entirely. The entire DC station could be inoperable if a DoS attack occurs. These threats turn off the charging control unit and attack the various communication protocols to bring down the device. The networks are also vulnerable if the power management systems become unstable or useless.

Material sourcing is an overlooked aspect of EV charging stations. A device using third-party vendors could be vulnerable to security breaches. One weakness could compromise the charger, so local officials must scrutinize each installation. Threats could also arise if employees are careless or intentionally leak information to outsiders. 

Power Line Problems Threaten Fast Chargers

Recent research has demonstrated how power line communication (PLC) has compromised DC fast chargers. The systems require high voltage to recharge EVs, thus emphasizing the importance of the PLC in communicating with smart grids. Without them, the chargers risk overloading local energy storage and causing outages. More bad news could arrive if the PLCs are compromised. 

Testing DC fast chargers for cyber-resiliency. Image used courtesy of SwRI

The Southwest Research Institute (SwRI) tested DC fast chargers and found vulnerabilities within the PLC layers. When testing the systems, the researchers accessed the digital keys for the EV and the charger it used. SwRI determined inadequate encryption and key generation caused the issues due to older chips. 

How to Address Cybersecurity Issues

Companies must address physical security and cybersecurity issues if they want to expand the nation’s DC fast chargers. Here are a few strategies for safeguarding these networks. 

Zero-Trust Systems for Chargers

Following its research, SwRI has developed strategies to improve automotive cybersecurity and help DC fast chargers. The Texas-based organization created a zero-trust architecture to mitigate interruptions in functionality and performance. While this concept has limitations—such as cost and overhead—it’s an essential addition because of its network segmentation. 

Zero-trust infrastructure enables charging stations to limit the damage of outside attacks. Separating payment methods, inverters, and control systems creates a lessened attack surface. This strategy also limits privileges to the minimum access needed from the charger. Users who have more than they need could compromise the system’s operations.  

Authentication 

Another way to protect fast chargers is with solid authentication measures. The stations should require constant reauthorization to ensure only those with permission can access the charging technology. Newer public chargers have mandated MFA to access the device and limit the ramifications of a compromised password, thus heightening cybersecurity measures. 

The EV owner must use a password to start their session when using the charger. Then, they enter a code sent to their phone or the app to verify their permission. Some chargers have started using biometrics because they’re more challenging to manipulate. You could also see token-based authentication with temporary passwords or smart cards to access the charger.  

Encryption

SwRi also identified encryption as an issue in its fast charger testing. It was easier to access the vehicle and charger information without it. One engineer said this strategy is a crucial next step in securing chargers. With vehicle-to-grid becoming more prominent, encryption would protect EV chargers and users’ data. 

Types of zero-trust infrastructure. Image used courtesy of Li et al.

People use public charging stations daily, meaning outsiders could access thousands of credit card numbers and contact information. Encryption scrambles the data and makes it useless if someone gains unauthorized access. Ransomware has become a more significant concern, so encryption has become necessary to deter it. This cybersecurity strategy is also essential to comply with local and international privacy regulations. 

Firmware Updates

Preventive measures help fast chargers deter theft and limit unauthorized access. However, problems could arise because of backdoors and increasingly sophisticated threats. In response, public charging stations must prioritize firmware updates to patch these vulnerabilities. Companies could develop better algorithms and other countermeasures to enhance security. 

For example, the fast charger could require improved communication protocol or an intrusion detection system to prevent future exploitation. The developers must test necessary updates in a controlled environment before releasing them. Otherwise, it could do more harm than good. Charging manufacturers should use firmware updates to detect emerging threats such as malware or design flaws. 

Protecting Fast Chargers for the Electric Future

The future of automobiles includes a stronger technological connection, as seen with EVs. These electric machines have benefited from fast charging stations that mitigate range anxiety and charging times. 

However, cybersecurity and physical threats put them at risk. Encouraging EV adoption means boosting security through zero-trust architecture and encryption. Without these measures, EVs could become more vulnerable than necessary.