Even though Tesla’s recent sales numbers painted a positive picture for the often beleaguered company, it’s still very early days for the electric vehicle market. The availability of EV charge points has been cited as a key obstacle in EV sales growth, but one researcher recently pointed to the newer generation of smarter charge points, meant to make EVs more attractive by offering features such as the ability to monitor or schedule charges via smartphone, or pay by touchless smart card, as also being a possible area of serious technical vulnerability. According to security analyst Ofer Shezaf, enterprising hackers could gain access to smart EV chargers and obtain access to logins, payments, hack into city or utility systems that run the chargers, or shut down parts of the networks themselves.
Shezaf, who presented the results of his research into EV charge point weaknesses last month at the Hack in the Box conference in Amsterdam, says, like many new infrastructure technologies, the connectivity that makes the newest EV charge points “smart,” also renders them vulnerable at the moment. The future risks could be substantial in a country such as the Netherlands, which has seen eightfold growth of EV use in just one year, and is banking on EV charging networks as an important tool in getting drivers to switch to cleaner, cheaper EVs.
In some cases, hackers could simply unlock a charge point with a key, plug in an Ethernet cable and browse away with a laptop in the same way one might talk to a wi-fi router on a home network, Shezaf said.
Other technologies for networking and access being built into smart charging networks such as radio-frequency identification, or RFID, allow drivers access to power with a touchless card, are known for security weaknesses. Like using a default or easily guessed password online, these systems could be broken into with little effort. Some charging systems use cellular data connections or even wifi to connect to other stations or to be accessed for maintenance, also opening doors for hackers.
Other basic scenarios that could disrupt EV charging networks include electronic eavesdropping on the charging networks’ communications and potential access to utilities’ internal networks. By listening to the chargers’ data networks through a compromised station, hackers could gain access to additional passwords, customer data, or potentially work their way to the internal databases on those running the networks, getting access to other parts of the power utility.
Theft of power from the systems, or even theft of payments from the networks, is also possible. Similar vulnerabilities have been found in US smart parking meter systems, as well as a regional US subway system that allowed payments to be compromised and access hacked.
At the extreme end of the scale, so-called “denial of service” attacks that could take down parts of national charging networks, said Shezaf, in much the same way hackers have taken down important financial or utility services by overwhelming them with bogus network traffic. Given the short charging ranges of many EVs and the need to juice up EV batteries almost daily, Shezaf pointed out the scale of disruption possible: “Imagine no electric car can charge for a day when they are 30% of a national fleet!”
To date, charging network providers appear to be spending more time securing their customers use of the networks through special membership cards and placing them in well-lit public areas than locking down the systems themselves. Shezaf says this is because the technology is new, but highlights that this is precisely the time to look at security, before it scales up to whole cities and countries.
As more connected urban systems—including wired bike sharing networks and other new transportation systems, information kiosks, and the like—emerge, there are more windows of exposure for government and private companies that operate them. Like any other technology-based system, smart cities and the services they offer, like convenient EV charging, are likely to continue to have a soft underbelly.