February 16, 2022 at
Cybersecurity researchers have reported vulnerabilities in the charging networks of electronic vehicles (EVs). The researchers have stated that these vulnerabilities can be exploited to enable the hacker to “power-jack” the chargers and access user data.
Moreover, the attackers can compromise the national grid through these vulnerabilities, disrupt services and even cause power failure.
Vulnerabilities on electronic vehicles
The use of electronic vehicles has been on the rise recently, and this has presented an ideal opportunity for hackers. The use of EVs is expected to increase in the coming years, and while this could be a good thing in lowering carbon emissions, it could result in a rise in hacking attacks.
Researchers from the Concordia Institute for Information Systems Engineering (CIISE) in California have pointed to risks in the EV charging networks. The researchers have deemed it critical for the operators of the networks to patch the vulnerabilities to boost user security.
Chadi Assi, a professor at CIISE and the supervising author of the research paper, opined that EV usage would increase in the future. However, the increase in EV usage would be hindered by potential threats to the charging infrastructure, and such vulnerabilities could deter users from buying electric cars.
In the paper, the researchers have pointed to the different techniques used to test the vulnerabilities of these systems. These techniques are reverse engineering and penetration testing. The paper says these tests are a “first-of-a-kind comprehensive security and vulnerability analysis.” The analysis assessed several EV chargers created by some of the largest manufacturers in the industry.
The paper did not mention the details of the 16 manufacturers whose EV chargers were assessed during the testing phase. However, it has been confirmed that there are vulnerabilities in the firmware used for the charger. The vulnerabilities also extend to the software, including the mobile and websites used in accessing the charger networks.
Moreover, the threat increased with the researchers saying that not just one charger would fall to the exploitation, but all of them. They could all be loaded with malware that could control the chargers remotely. Additionally, the malware could give the attacker access to user data. Multi-charger denial-of-service attacks could also be conducted, shutting down the entire charging system.
If the attacker managed to gain access to multiple chargers simultaneously, they could gain access to a larger network that will overload the power grid. This could create blackouts affecting cities and disrupting services. This poses a major threat to the national power grids, and with the rising usage of EVs, such attacks grow bigger.
Researchers provide solutions to EV charger vulnerabilities
The research paper has also provided solutions to the vulnerabilities on the EV charger networks, which is a piece of good news. One of the researchers’ strategies is the installation of strong authentication methods. These security strategies include setting up strong passwords using stronger firewalls that will boost the security of the networks.
While the above are simple strategies that can be done on the user’s end, there are instances where the company will be needed to step in and offer solutions that will solve a more complex problem.
The paper’s lead author, Tony Nasr, noted that each vulnerability was unique. Each needed a high level of sophistication for it to be resolved. Therefore, all parties involved needed to step in for the highest level of protection to be guaranteed.
“Other, more technical issues are only solvable from the developer’s side. These typically require implementing more robust security checks and mechanisms into the management system. However, these patches necessitate a careful review and longer time to apply,” Nasr said.
The author also points to the increased usage of electric vehicles. The rise in usage contributed to a greater risk to these systems. The researchers are not the only ones pointing to the risk. One of the security vulnerabilities was detected by David Colombo, a teenage hacker. Colombo detected that he could exploit the vulnerability using a third-party program and access Tesla cars.
By exploiting the vulnerability, the hacker could control some features such as opening the doors and windows of the Tesla cars and deactivating Sentry.
Nasr said, “we have noticed that the attack surface – in this case, the number of EVs, charging stations and thus management systems – is growing. And the more this attack surface grows, the more potential there is for widescale cyberattacks to exploit and leverage them to conduct malicious activities.”