Cybersecurity Threats of EV Charging Stations
As electric vehicles become more popular, the risk of cyberattacks on charging stations grows. Learn more about the vulnerabilities of EV charging stations.
Join the DZone community and get the full member experience.Join For Free
According to Statista, In January 2022, there were almost 113,600 charging stations for electric vehicles in the United States. California has a large number of these charging stations, with nearly 41,300 public and private power outlets.
As the number of electric vehicles (EVs) on the road continues to grow, so does the need for public and private EV charging stations. While most EV owners charge their cars at home or work, there are still many times when they need to rely on public charging stations.
Unfortunately, public EV charging stations can become a prime target for cybercriminals. This is because these stations are often connected to the internet, which gives attackers a way to remotely access and control them. Additionally, many EV charging stations use unencrypted communication protocols, making it even easier for cybercriminals to intercept and tamper with data.
The public has already seen examples of attacks using electric charging stations to cause damage. This is frequently done through the Near-Field Communication (NFC) card that drivers use to pay their bills when they charge their vehicles.
In one study conducted by Carlos Alvarez College of Business, researchers discovered that there are 16 different EV charging systems and that 13 critical areas of security threats and vulnerabilities have been identified. According to the research, electric vehicle charging stations are vulnerable to cyberattacks, which may cause widespread disruption and damage.
In another study, Vangelis Stykas, a cybersecurity expert, discovered numerous security flaws among different brands that might have allowed a malevolent hacker to take user accounts over, block charging, and even turn one of the chargers into a "backdoor" into the owner's home network.
In his report, Stykas revealed that there had been an obvious lack of security assurance in the electric vehicle charger industry. He mentioned: “There's a notion of an 'EV gold rush' as houses add charging stations and the public charging network grows more powerful. API security has been inadequate, as well as some basic safe hardware options. Manufacturers have inadvertently opened doors for thieves to defraud and/or block their cars from charging. They've also unintentionally provided a method for others to destabilize our power grid.”
Some of the cybersecurity threats to EV charging stations include:
Distributed Denial of Service (DoS) Attacks
DDoS attacks are a type of attack that can render a system or network unavailable to users. In the case of EV charging stations, a DDoS attack could prevent users from being able to charge their vehicles. This type of attack is often carried out by flooding the station with requests or traffic, which overloads the system and causes it to crash.
Manipulation of Charging Data
Cybercriminals can target EV charging stations by manipulating the data that is used to track and bill customers for their usage. This can be done by tampering with the meters that track the amount of power being used or by changing the rates that are charged per unit of electricity. In some cases, attackers can remotely control charging stations in order to turn them off and on at will, which can cause major disruptions for EV owners.
Malware is a type of software that is designed to damage or disable a system. In the case of EV charging stations, malware can be used to corrupt the software that controls the charging process, which can lead to inaccurate billing, data loss, or even system failures.
While most attacks on EV charging stations are carried out remotely, there have been cases of physical tampering as well. In some cases, criminals have been able to gain access to the control panels of charging stations in order to change the settings or disable the system entirely. In other cases, they have simply cut the power cables in order to prevent users from being able to charge their vehicles.
Social Engineering Attacks
Social engineering is a type of attack that relies on tricking people into disclosing sensitive information or performing certain actions. In the context of EV charging stations, social engineering attacks could involve impersonating a station employee in order to gain access to the system, or sending fake emails that appear to be from the station in order to trick users into providing their personal information or credit card details.
The best way to protect against these types of attacks is to make sure that your EV charging station is properly secured. This includes ensuring that it is properly physically protected, as well as installing up-to-date security software and implementing strong security policies. Additionally, it is important to be aware of the signs of an attack so that you can report it to authorities and take steps to mitigate the damage.
Opinions expressed by DZone contributors are their own.