Electric Vehicles and Cybersecurity – Defending the Charge
No matter how you look at it, electric vehicles are here to stay. Major manufacturers, from Honda to GMC, are planning for a combustion-free future, while over a dozen states plan to halt gas-powered car sales by 2035. Add to that the growing range of EV incentives encouraging EV adoption and a nationwide charging network, and it’s not hard to see what the future looks like.
And while EV adoption doesn’t pose as many risks as other modes of transportation, one factor is likely to become more of a concern in the near future: cybersecurity. In this article, take a closer look at potential cybersecurity risks for the EV industry and drivers, what’s being done to mitigate them, and a few precautions you can take.
Cybersecurity and EVs: Why Are They at Risk?
All cars, whether they have electric or internal combustion engines, have been equipped with computers called engine control units since the early 1990s. The major difference is that in an EV, every component, system, and subsystem is digitally linked to this computer to enhance its efficiency and the driver’s control.
What’s more, EVs are linked to the expanding nationwide public charging system through everyday usage as well as a growing list of EV charging apps. The biggest cybersecurity risk involves modification of or tampering with chargers to deliver malware into onboard computers, damage the vehicle, or take control of it.
Thankfully, actual EV hacking incidents are rare, but the risk is real. In March 2021, for example, Ukrainian hackers broke into a Russian EV charging network and claimed to have stolen large amounts of personal and financial information. While no such incidents have occurred in the U.S., it may be only a matter of time before an attempt is made.
Potential EV Cybersecurity Hazards
Hackers work by exploiting weaknesses and security loopholes in digital systems. In EVs and EV infrastructure, that means they’ll look for software and components that provide access to and control over systems like braking, power storage, and charging.
Using these entry points, a malicious actor could harvest sensitive personal and financial data, gain control of vehicles without authorization, or even disrupt and seriously damage power grids.
If someone installed malware on a charging station, they could then use it to access and seize control of a vehicle as soon as it’s plugged in to charge. The consequences could range in severity from individual vehicle theft to engineered traffic pileups.
This risk was discovered in 2020 when a researcher at Belgium’s Catholic University of Leuven found a way to overwrite the firmware for Tesla Model X key fobs. Using this method, someone could easily steal a vulnerable vehicle if it was running on outdated software.
Phishing is a form of cybercrime involving the use of fraudulent emails and text messages to trick recipients into giving up private information. Since EV charging stations often use contact information to confirm users’ identities, hackers could illegally obtain this same information and then use it for targeted phishing attacks.
Moreover, EV manufacturers, like any company, are always at risk of phishing attempts. With so many individuals’ contact information stored in customer databases or on waiting lists for new models, malicious actors who access this data could then use it to target private EV owners.
EV charging stations, whether public or private, are typically supplied through local or regional power grids run by utility companies, which use software packages called energy management systems (EMSs) to monitor and optimize grids. If a hacker were to exploit a weakness in a charging station, they could access the EMS, using it to disrupt the power supply, steal data, interfere with payment systems, or steal energy.
What Can You Do to Protect Yourself?
Currently, there are no broad protections in place to defend charging networks, charging apps, or even private home chargers and vehicles from potential cybersecurity risks. While the federal government has unveiled its draft of a security plan for charging infrastructure, it may take several years for this and other preventive measures to be installed and activated.
Until then, there are a couple of things you can do to minimize your risk. The first is to use strong passwords and PINs. Many EVs come with keyless entry systems, which require a unique number to access. Passwords are also still the default method of protecting accounts for EV charging payment systems, company-owned customer profiles, and other sources of protected data.
Using a random assortment of characters and symbols, or a series of numbers unrelated to your personal information, can make it much harder to gain unauthorized access to your vehicle.
You can also protect yourself by carrying out regular software updates. EV makers regularly update the operating systems on which their products run, in part to compensate for security breaches and discover weaknesses that could be exploited.
If you update your EV’s software frequently and as soon as possible, you’ll minimize opportunities for hackers to tamper with your vehicle or download your personal data. While you’re at it, it’s also wise to avoid third-party software. Until a more comprehensive approach to EV cybersecurity is in place, the risks of using third-party apps and platforms are too great. Stick with the manufacturer’s proprietary products, or those they recommend, instead.
EV cybersecurity is rapidly evolving, and while there isn’t much in the way of protection yet, you can expect to see big changes in how EV drivers are protected in the near future. Until then, take a few basic precautions to reduce your risk, and sign up with evee Life to stay informed on the latest EV news and tips.
Eveelife is an eco-oriented lifestyle platform that helps consumers make more purposeful choices about how they live and what they consume. We do it by curating content and products that help them make more conscious, carbon-free choices while amplifying their EV ownership experience.