Access and Feeds

Security: Add EV Charging Stations to the List of Cyber-Vulnerable

By Dick Weisinger

Anything that can connect to a public network is hackable. The weaknesses of IoT device security has been widely discussed. More recently, concerns about infrastructure have started to increase. And now, even electric vehicle (EV) charging stations have been found to be potential targets for attack.

President Biden set a goal for more than half of the autos produced in the US to be electric vehicles by 2030. But currently there are no standards for EV chargers. Bloomberg reports that the US currently has more than 100,000 public charging stations.

In May 2021, ransomware shut down fuel delivery on the US east coast by Colonial Pipeline. Brad Ree, chief technology officer for the ioXt Alliance, said that “think about how disruptive it was with ransomware shutting down oil being delivered to gas stations. Just imagine if all the gas stations connected to one common cloud point, what kind of target that would be.”

Testing at Southwest Research Institute (SwRI) found charging stations vulnerable to cyberattack. The team found that they were able to cause a charging station to stop charging well before a vehicle is fully charged. Austin Dodson, an engineer at SwRI, said that “the project effectively tricked the test vehicle into thinking it was fully charged and also blocked it from taking a full charge. This type of malicious attack can cause more disruption at scale.”

Another group, Positive Technologies also ran vulnerability tests against electric vehicle chargers. Paolo Emiliani, industry and SCADA research analyst at Positive Technologies, said that “exploitation of these vulnerabilities may lead to serious consequences. Attackers can actually block electric car charging and cause serious damage to the energy industry.”

Vulnerability testing run on home EV batter chargers found similar problems. Vangelis Stykas, security consultant at Pen Test Partners, said that “there’s something of an EV ‘gold rush’ going on as homes equip themselves with chargers and the public charging infrastructure offers more and more powerful charging. Basic API security has been missing, as has some basic secure hardware choice. Manufacturers have exposed users to fraud and/or prevented their cars from charging. They’ve also unintentionally created a method for others to destabilize our power grid.”

Digg This
Reddit This
Stumble Now!
Buzz This
Vote on DZone
Share on Facebook
Bookmark this on Delicious
Kick It on DotNetKicks.com
Shout it
Share on LinkedIn
Bookmark this on Technorati
Post on Twitter
Google Buzz (aka. Google Reader)

Leave a Reply

Your email address will not be published.

*

seventeen − 3 =