top of page

Cyber threats to electric vehicle charging points could cause delays in roll-out

Experts have warned that if the cyber security of electric vehicle charging points is neglected, green travel initiatives may suffer.


Governments all over the world are pushing for the adoption of greener technologies in order to combat climate change and reduce their reliance on hydrocarbons.


For example, Norway has installed 17,000 charging stations, and the US Department of Transportation recently announced a $5 billion plan to build a new network of EV charging stations.


While manufacturers ramp up production of new electric vehicles, the industry is not doing enough to address cyber security concerns surrounding what are essentially IoT (Internet of Things) devices.


When users charge their vehicles, a data connection is established between the vehicle and the EV hub. Charging stations are internet-connected and, like any other IoT device, are vulnerable to cybercriminals' actions. If a threat actor gains access to a charging hub, the following consequences may occur:


Risk to User Safety: A hacker could theoretically gain access to a vehicle's engine management system via an EV charging point and either compromise safety, performance, or disable the vehicle entirely. Consider if the vehicle in question was an ambulance: delays could endanger lives.


Compromise the EV Charging Network: By exploiting a single vulnerability in a single device, hackers could bring down an entire network of charging hubs. This could result in revenue loss for the operator as well as significant disruption to the road network.



Commercial loss: In addition to shutting down an EV hub network, hackers could gain access to the operator's management software and drop ransomware, causing financial and reputational harm. Furthermore, many commercial fleets are converting to electric power, and a hacker with a laptop could shut down an entire delivery operation.


Payment systems: Threat actors may compromise the payment system at an EV hub, resulting in financial loss for the driver or network operator.


Threat actors are accelerating the scale and sophistication of their attacks. Research recently reported a 59% global increase in ransomware attacks alone, while the UK transportation industry experienced 979 cyberattacks per week on average over the last six months.


As a result, it won't be long before the potential to exploit EV charging stations is recognised, so protecting newer, greener technologies is critical.


Climate change and the need to reduce our reliance on oil highlight the need to transition to greener modes of transportation.


Concerns about cyber security could be another impediment to the future growth of the electric vehicle market, so the industry must take the threat seriously.


Unsecured charging devices provide an open door for increasingly sophisticated threat actors, but there are proven IoT security solutions available to prevent such attacks and encourage the development of sustainable travel.

 

Reporting

Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to report@phishing.gov.uk. Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).

 

Comentários


The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.

 

EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page