Halting Hacks: EV Charger Cybersecurity Measures

Electric vehicles are growing in popularity. Light-duty vehicle sales of EVs and hybrids have increased from 12.9% in 2022 to 16.3% in 2023.

However, this growth brings new vulnerabilities, particularly for cybersecurity. Almost every technology can be hacked, and EVs and charging stations are no exception. 

Hacked EV. Image used courtesy of Adobe Stock

EV Chargers as a Target

Charging infrastructure is gradually being adopted into today’s landscape. This shift is good news for the engineers specializing in this tech. However, key attributes, such as cybersecurity, still need to be resolved with this transition.

One of the earliest EV charger hacking incidents occurred in Russia during the Ukraine invasion in 2022. The charging stations displayed anti-Putin messages. Energy company Rosseti had a Ukrainian supplier supposedly programmed the messages to appear. They had to deactivate the chargers and remove them from the grid. The political act left a powerful impression because incidents like these can affect customer experience, public perception, and future partnerships. 

Other motives behind targeting EV chargers involve personal data. These devices store personal information, including credit card data and vehicle IDs. Such details are valuable for accessing bank accounts and are used as a basis for marketing strategies. 

For example, Ignitis ON is a European-based group that empowers EV owners to charge their vehicles with smartphones. The convenience is helpful for customers, but hackers recently leaked about 20,000 customers’ data after tapping into the company’s cloud.

Manufacturers should also focus on the components' vulnerabilities and internal and intentional tampering. EV charging stations must be Internet-connected to allocate energy to automobiles and authenticate payment transactions.

Personal information isn’t the only concern. Hackers tampering with charging stations can short-circuit the power grid. Getting the whole system back online would inconvenience everyone who uses electricity.

Combating EV Charger Hacking

The two main ways EV chargers are hacked are through physical or digital tampering. For physical tampering, certain EV chargers have hardware that hackers can forcefully open. They can modify the hardware to steal data continuously or remove the processor and leave the station as is. Stealing the processor allows them to access personal Wi-Fi keys and intercept credentials and passwords.

To combat this, engineers must investigate the components to determine what flaws led to the stolen data. Understanding the vulnerabilities can highlight necessary design changes. It is also possible to test them to see whether perpetrators can easily break open the unit.

If cyber attackers target the inventory, designers and engineers should request a recall to take the devices offline and run an inspection. They should work together with IT specialists to recover the system and information. They should also update security software to check for any other viruses.

Hacking vulnerabilities in EV charging stations. Image used courtesy of Department of Energy

Digital hacking occurs remotely. The IoT aspect is integral to chargers’ design, but being connected means potential interference through unencrypted networks. This vulnerability enables cyber attackers to take control of the EV charger and turn it on or off. They can also tap into any stored information and sell it.

To avoid this, designers should use stronger verification methods and secure the network properly. If the charger is compromised, it is important to send a report to the Cybersecurity and Infrastructure Security Agency. The report should include details about the vulnerability and its impact on the brand.

Engineers should also assess their analysis process to narrow down the cyberspace risks associated with EV chargers. There are risk quantification techniques to measure how unprotected these utilities are. For instance, the Monte Carlo simulation gauges risk and uncertainty by approximating all possible outcomes endangering data. From there, engineers can narrow down the high-priority threats and estimate the costs.

Frameworks have been developed and automated to run the numbers and narrow the cybersecurity risks. Unfortunately, many establishments fail to use the resources for these reviews. A ThreatConnect survey found that 41% of respondents don’t have a cyberattack risk analysis process, and about 25% lack cyberattack risk quantification technology.

These investments are game-changing in identifying and mediating potential hack processes early on to prevent them. If a business has been targeted before, it should be more than vigilant in implementing such changes.

Securing EV Chargers

Some companies are implementing cybersecurity measures to avoid hacks. For instance, regular security assessments and penetration testing on EV charging infrastructure ensure the stations are well-equipped to handle cyberattacks. Controlling access and authorized users is also beneficial. 

Even after quality control outside the factory, EV chargers are still vulnerable to tampering. Communication with distribution centers and transportation enterprises is important to provide a smoother and safer experience for patrons and protect a service's reputation in the long run.

Future security trends are also looking hopeful. AI-powered systems can automate encryption and anonymization to protect user information from theft. They can also improve the experience by enhancing energy distribution to meet charging needs.

AI is also suitable for risk analysis since its algorithm can take details and run predictive maintenance, alerting staff of potential faults in the system. For example, CloudDefense.AI uncovered a vulnerability in Shell in 2023, which would have exposed fleet operators’ names, email addresses, and phone numbers. Security researchers notified the oil giant about the database's lack of protection, which warranted enhancing its network and limiting overall accessibility.

Video used courtesy of SEALQ

Other developments include blockchain technology. SEALSQ Corp is a technology hardware supplier that wants to enhance cybersecurity for EV chargers. They understand that cybersecurity vulnerabilities can make it difficult to enjoy the convenience of plug-and-charge stations.

SEALSQ Corp is launching SEALCoin to secure payments between EVs and charging stations. This infrastructure decentralization can encrypt the network and data while authenticating transactions. 

Integrating Decentralized Physical Infrastructure Networks as an assistive technology makes SEALCoin more expandable. EV popularity will continue to grow, so managing all users and transactions without sacrificing security is imperative. 
 

Recognizing EV Charger Risks

As these protection measures evolve, hackers will likely retaliate and develop more advanced techniques to gain an advantage. EV charging station usage is becoming more widespread. Professionals should avoid complacency and focus on staying ahead of these attacks by securing these devices and their connections. By protecting customer data and hardware, they can save their reputations and resources to maximize gain.