Rapid Growth of EV Charger Networks Comes With Major Security Threats

Rapid Growth of EV Charger Networks Comes With Major Security Threats
An EVGo station for charging electric vehicles in Irvine, Calif., on March 25, 2022. John Fredricks/The Epoch Times
Masooma Haq
Updated:
0:00

As Americans head out on vacation this summer, more and more of them are hitting the road in electric vehicles.

Like it or not, that trend looks like it will continue as states like Virginia and Washington follow California’s lead in imposing 100 percent electric vehicle (EV) sales timelines.

Falling EV prices are predicted to open the market to less affluent drivers.

Meanwhile, Ford Motor announced this week that it has agreed to a massive $9.2 billion federal loan to build three electric vehicle plants as part of President Joe Biden’s push to supercharge EV production.

A rapidly expanding EV charging infrastructure supports the vehicles’ growth spurt.

However, the charging stations come with major security risks, experts say, giving the “silent majority“ who aren’t on board with wholesale EV adoption yet another reason to be skeptical.

An Increasing Number of Cyber Attacks

With the rapid growth and evolving technology of EV infrastructure, the United States and Europe are seeing an increasing number of cyber-attacks related to EV charging systems.

Experts fear that security risks are keeping pace with the rapid expansion of EV charging stations across the United States, with hackers able to access drivers’ payment data and worse.

In a worst-case scenario, cyber terrorists could weaponize thousands of vehicles, taking control of them remotely in order to cause power grid blackouts.

According to the U.S. National Institute of Standards and Technology (NIST), EV charging stations collect sensitive information including payment data. Because they are connected to the power grid, an attack could have cascading effects on consumer privacy and on the grid itself.

Even with EV charging companies taking all known steps to protect charging systems, hackers can locate access points in communication channels, leaving chargers open to data tampering or even distributed denial of service (DDoS) attacks. What makes all of this even more nefarious is that attackers can be thousands of miles away.

A report from cloud solutions provider Enterprise Engineering Solutions says hackers can gain control of charging stations and access vehicle control systems and ID and credit card information. They could disable networks, sensors, cameras, steering, and brakes, resulting in collisions.

‘Prevention Is Always Preferable’

Elias Bou-Harb, Ph.D., directs the Cyber Center for Security and Analytics at the University of Texas, San Antonio. “Monitoring in real time and dealing with attacks as they happen are important aspects of an overall security strategy, but prevention is always preferable,“ Bou-Harb told The Epoch Times in an emailed statement. ”Empirically, we continue to see escalated attacks on such infrastructure, including remote and physical attacks.”

“Cyber-attacks on charging stations can be prevented to a large extent through proper security measures and protocols. While it’s challenging to achieve 100 percent prevention, proactive steps can significantly reduce the risk of attacks,” Bou-Harb added.

Electrify America charging station (Courtesy of Electrify America)
Electrify America charging station Courtesy of Electrify America
During a study of charging stations, Bou-Harb and fellow researchers found significant vulnerabilities. They did an in-depth security analysis on 16 points of the EV charging system, such as firmware, mobile, and web app, and discovered a range of vulnerabilities. They highlighted the 13 areas of most concern, such as missing authentication and cross-site scripting.

The researchers noted that cybersecurity criminals could steal credentials and access user data. Other vulnerabilities included the ability to manipulate firmware, allowing criminals to launch more complex attacks.

To prevent the theft of consumer information and EV compromise, Bou-Harb said EV charging companies should implement robust authentication and authorization mechanisms, to ensure that only authorized users can access and use the stations.

In addition, Bou-Harb recommended encrypting communication between the charging infrastructure and back-end systems to protect data in transit. Charging station software and firmware should be regularly updated to address known vulnerabilities. Security audits should be conducted regularly and penetration testing done to identify and address potential weaknesses.

Finally, staff should be trained to recognize and respond to potential cyber threats.

Protect Your Vehicle

Bou-Harb suggests car owners keep their vehicles’ software up to date by installing the latest firmware and security patches; using strong and unique passwords for their EV accounts and charging apps; avoiding connecting vehicles to unsecured charging stations; and reporting suspicious account activity.

Another basic precaution is to detach dongles. The small devices that plug into the diagnostic port and allow companies to monitor driving habits can be an easy entry point for hackers and should be disconnected when the EV is not in use.

Hackers can also intercept wireless fob signals, amplifying the fob’s signal to trick the car into thinking the fob is closer than it really is in order to unlock the vehicle. It’s a good practice to store the fob in a metal box to block the signal.

Wireless services in a car can also be a point of entry. Users should disable seldom-used wireless features. This reduces the extent to which an attacker can interfere with the vehicle.

Alarmingly Easy to Hack

Sometimes, hacking an EV or EV charger is altogether too simple.

Ryan H. Levenson, founder of EV promotion and rental company The Kilowatts, was able to gain access to an Electrify America charger and went on Twitter to expose the major security issue. He posted videos showing how he was able to take control of the charger using a simple app. Levenson asked the company to fix the security issue.

In 2020, a Belgian security researcher discovered a way to overwrite and hijack the firmware for Tesla Model X key fobs.  Lennert Wouters, a Ph.D. student at the Catholic University of Leuven, Belgium, took just minutes—and used inexpensive supplies—to accomplish the attack, which would have allowed him to steal any car that wasn’t running on the latest software update.

At the age of 19, white hat hacker David Colombo used a third-party software application called TeslaMate to easily access vehicle data. Colombo said in a January 2022 Tweet that he was able to hack into 25 Teslas in 13 countries. He was able to remotely run commands like adjusting a vehicle’s stereo volume, opening doors and windows, and engaging keyless driving.

Anomaly Detection

Mansi Girdhar is an electrical engineering doctoral student at the University of Michigan, Dearborn. Girdhar is researching EV charging security. She says the field of study is important given how new the technology is. Universal manufacturing standards don’t exist yet for EVs, let alone for their cybersecurity frameworks.
Girdhar’s research focuses on the weak link between vehicle security and electrical grid security. While charging, an EV connects its onboard electronic components and controllers, using something called a Controller Area Network (CAN). “The problem is, CAN is not very secure,” Girdhar told UM News.
A Tesla recharges at a Tesla Supercharger station in Pasadena, Calif., on April 14, 2022. (Mario Tama/Getty Images)
A Tesla recharges at a Tesla Supercharger station in Pasadena, Calif., on April 14, 2022. Mario Tama/Getty Images

Girdhar’s research will use an approach called anomaly detection. It involves using machine learning to develop a fingerprint of what normal computing activity looks like when a vehicle is charging, so the system can then identify when something appears out of the ordinary.

“We’re actually not assuming that we can design a charger that is hack-proof—we’re not trying to make it immune,” Girdhar told UM News. “Instead, we want to be able to detect an attack as it’s happening, and identify what kind of attack, so we can then deploy the correct defense in real-time.”

The Great American Road Trip, Electrified

The U.S. government expects EV sales in America to reach 40 percent of total passenger car sales by 2030, making the need for top-notch cyber-security for the vehicles ever more pressing.

According to an Experian report in late 2022, there are currently only 1.7 million electric cars on the road, out of almost 285 million total vehicles. To put that in perspective, however, there were only 400,000 EVs on the road in 2018. That’s an increase of 325 percent in just four years.

To keep the cars running, the 2021 Bipartisan Infrastructure Deal included $7.5 billion to build and support a network of EV charging stations.
In line with this, the Biden administration in February announced the development of 500,000 EV charging stations at hubs across the country by 2030 to keep pace with EV sales.
Car manufacturers and charging companies have made varying commitments to help meet Biden’s goal. Ford, General Motors, Mercedes-Benz, ChargePoint, and Electrify America are among a host of network operators who have pledged to accelerate charger roll out, with the goal of adding about 100,000 new public multi-EV chargers by the end of 2024, according to a White House fact sheet.

Where the Current Flows

There are currently over 130,000 public charging stations in the United States.

According to a January U.S. News and World Report article, ChargePoint is the largest U.S. charging network, with over 27,000 stations and nearly 50,000 individual charging ports. However, the vast majority of those charging stations are not fast charging stations.

Electrify America is the largest ultra-fast direct current (DC) charging network in the United States, with over 800 charging stations and over 3,000 individual chargers. Owned by Volkswagen, the company plans to have over 10,000 individual chargers operating in the US by the end of 2025, according to its website. The company offers peak charging speeds of up to 350 kW, although not all Electrify America charging points can deliver that speed.
Tesla, meanwhile, has the largest global charging network, with about 17,000 superchargers at over 1,700 locations in the United States, but only for its own brand.

Other notable EV charging operators are EVGo, Francis Energy, EVConnect, EVCS, and Blink.

Masooma Haq
Masooma Haq
Author
Masooma Haq began reporting for The Epoch Times from Pakistan in 2008. She currently covers a variety of topics including U.S. government, culture, and entertainment.
Related Topics