top of page

Fuel fiasco sparks concerns over electric vehicle cyber security

As Britain’s motorists clog up forecourts as they go out of their way to get fuel amidst this so-called fuel crisis, electric vehicle owners are looking pretty smug right now. But beware, because where there’s technology, there be hackers!

Drive past any forecourt today and you’re likely to see motorists queuing for fuel, filling up jerry cans or being turned away from stations that have run dry.

It’s been reported that some desperate drivers even took to filling containers not suitable for petrol, including plastic bottles and a plastic bag!

The situation is ludicrous, with fighting and arguments breaking out on some forecourts, and a racist incident involving a taxi driver reported to police.

So, while those of us powered by fuel are facing uncertainty over whether we have enough juice to get us through this mess, those who are powered by electricity are shaking their heads in disbelief and laughing quietly to themselves as they whisk by.

But, engineers at the Southwest Research Institute in San Antonio, Texas, have conducted an experiment on electric vehicle charging points and discovered that they can interfere with the charging process of an electric vehicle (EV) by simulating a malicious attack as part of an automotive cybersecurity research initiative.

The SwRI team reverse-engineered the signals and circuits on an EV and a J1772 charger, the most common interface for managing EV charging in North America. They successfully disrupted vehicle charging with a spoofing device developed in a laboratory using low-cost hardware and software.

"This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade," said Austin Dodson, the SwRI engineer who led the research.

"The project effectively tricked the test vehicle into thinking it was fully charged and also blocked it from taking a full charge," Dodson said. "This type of malicious attack can cause more disruption at scale."

The research focused on J1772 Level 2 chargers, but SwRI is evaluating future testing of Level 3 chargers and penetration of other devices used on fleet vehicles and electric scooters.

As automotive consumer and manufacturing trends move toward widespread vehicle electrification, market share of EVs is expected to grow to 30% by 2030, according to the International Energy Agency (IEA). The cybersecurity-related issues of charging infrastructure will become increasingly important as demand for EVs grows.

"Discovering vulnerabilities in the charging process demonstrates opportunities for testing standards for electric vehicles and charging infrastructure," said Victor Murray, an SwRI engineer and team lead in the Critical Systems Department.

And while there’s no suggestion that EV owners should panic just yet, the research does highlight vulnerabilities in the framework which could be exploited.

This news comes as cities all over Britain are introducing more and more charging points, including here in the East Midlands, where new charging points have been installed across Lincoln as part of what the city's council claims to be its "commitment to addressing the challenge of climate change."

Councillor Bob Bushell, who is the portfolio holder for 'addressing the challenge of climate change' at the City of Lincoln Council, said: "These new EV charging points are a welcome addition to the city, and highlight our commitment to promoting sustainable travel.

"We continue to lead by example, supporting, enabling and empowering the local community to implement ways to reduce their own impact on the environment."

So while the fight for fuel and climate change are both real right now, and as the world moves towards electrification of our roads, let’s hope EV tech can fend off any potential future attacks from hackers.



Report all Fraud and Cybercrime to Action Fraud by calling 0300 123 2040 or online. Forward suspicious emails to Report SMS scams by forwarding the original message to 7726 (spells SPAM on the keypad).



The contents of blog posts on this website are provided for general information only and are not intended to replace specific professional advice relevant to your situation. The intention of East Midlands Cyber Resilience Centre (EMCRC) is to encourage cyber resilience by raising issues and disseminating information on the experiences and initiatives of others. Articles on the website cannot by their nature be comprehensive and may not reflect most recent legislation, practice, or application to your circumstances. EMCRC provides affordable services and Trusted Partners if you need specific support. For specific questions please contact us by email.


EMCRC does not accept any responsibility for any loss which may arise from reliance on information or materials published on this blog. EMCRC is not responsible for the content of external internet sites that link to this site or which are linked from it.

bottom of page