Spikes in the prices of fossil fuels have provided yet another incentive for consumers to move towards electric vehicles (EVs). Alongside that trend is the pressing requirement to have a charging infrastructure which provides enough capacity to satisfy this need. In this article we will explore how EV charging platforms are being architected and deployed while answering a question seldom asked – what security holes are being opened?
Are EV Charging Platforms Already Being Targeted?
The simple answer to that is yes. Typically what we see when new digital services such as EV charging come online is that initially there are a few attacks, mainly by independent researchers. These gain some publicity and although any issues raised normally get dealt with by the providers, it is often stated that the scenarios exposed are ‘academic’ so they may be taken seriously from a marketing perspective but not from a technical perspective.
Although it may sometimes be difficult to see how the early attack vectors which are identified would result in a meaningful gain for a hacker, in my opinion it’s more common that you think that the exposed security hole is real. In other words, even if it is ‘academic’ it is still indicative of non-optimal security practices within the vendor’s operation. As such these reports should absolutely be taken seriously.
Let’s look at some recent examples of reported attacks against EV charging platform and see what trends we can see:
- In August 2021, researchers found vulnerabilities in 5 of the 6 EV charging platforms that they tested, including one that could enable a home charging station to become a route into the associated home network.
- In November 2021, researchers announced they had found a vulnerability in the mobile app of a charging provider which enabled the exposure of the details of 140,000 users of that service.
- In January 2022, researchers completed a comprehensive assessment of the security of 16 EVCSMS (Electric Vehicle Charging Station Managing Systems), uncovering a plethora of issues in their firmware, mobile apps and web apps.
- In March 2002, at the start of the war in Ukraine, EV charging stations in Russia were hacked…