As electric vehicle sales pick up steam worldwide, EV charging stations are emerging as an enticing target for hackers.
Chargers provide a new opportunity for “hackers looking for ways to make money,” warns Yoav Levy, CEO of Upstream Security, an Israeli provider of automotive cybersecurity platforms.
“On one hand, chargers are connected to the grid, and on the other hand, they’re connected to your car,” Levy said.
High-profile incidents of hacked charging stations around the world have spotlighted the vulnerabilities. Three charging points on the Isle of Wight in England were hacked to show pornography on their screens, according to a report last month by BBC News.
In February, EV charging stations along a major highway between Moscow and St. Petersburg in Russia were disabled by hackers protesting the country’s invasion of Ukraine. The chargers’ screens reportedly displayed a vulgar insult directed at Russian President Vladimir Putin, among other pro-Ukraine and anti-Russia messages.
Levy said attacks on charging stations are on the rise and will become more common in the months ahead. Hackers can target chargers for ransomware attacks, locking users out of charging until they pay money. They might also hack into the charger to avoid paying fees for usage.
“We’re already starting to see the first hacks, and I’m sure there are plenty of cases that have happened that haven’t been published,” Levy told Automotive News ahead of the EcoMotion mobility conference in Tel Aviv, Israel, next week.
Cyberattacks in general are on the rise in the auto industry, especially as vehicles become more connected to drivers’ smartphones and other devices. According to research by Upstream, the majority of cyberattacks in the industry were carried out by “black hat” hackers who illegally tapped into a system for the first time in 2021.
Until last year, attacks were carried out mostly by “white hat” hackers, those who work with companies that are looking to find vulnerabilities in their systems.
Attacks are increasingly being carried out remotely, Levy said. More than 80 percent of all cyberattacks worldwide in 2021 were done remotely by hackers, compared with hacks that involved physically connecting with a vehicle in some way, according to Upstream.
“Cybercriminals can make money off of this now,” he said. “They want to make money in the easiest way they can. If they need to physically connect to vehicles, that can be difficult. But if they can find ways to hack remotely, this is how they can build scale.”
The possibility of making bigger money could mean hackers will turn more attention to large EV fleet charging centers, Levy said.
“Is a consumer going to pay ransomware to release their charging station at home? I don’t think so,” he said. “But if you have a fleet, or if this is your business, then you face a bigger risk.
“Think about a delivery company — and just before Christmas, your entire fleet is shut down. How disruptive would that be?”
Because charging stations are connected to local electrical grids, hackers also could attempt to use them as an entry point into the grid. In that case, individual charging station vulnerabilities could be considered a national security risk, Levy said.
“You see huge investments in the U.S. around charging capabilities,” he noted. “We think governments should also make sure they are securing their grids, securing their vehicles and securing their infrastructure as part of that.”
Levy said it will be important for automakers and charging providers to establish secure protocols and secure connections between the chargers and the vehicles.
“Vehicles are connected, and the biggest risks OEMs have now are remote hacks,” he said. “Someone can sit in North Korea or China or Russia and hack vehicles, and not just single vehicles. They can go after whole fleets.”