- EV charging stations face rising cyberattacks, threatening sensitive data and power grids.
- Fast chargers in public areas are prime targets for man-in-the-middle attacks.
- Companies must adopt Zero Trust and robust software updates to combat this growing threat.
As the number of electric vehicles (EVs) on the road increases, a new challenge arises: protecting the charging infrastructure from cyberattacks.
With Europe expecting 30 million electric vehicles by 2030, cybercriminals have focused their efforts on exploiting flaws in these interconnected charging networks.
Cybercriminals quickly recognized the potential for targeting these stations.
According to Clubic, attacks on automotive application interfaces (APIs) have increased by 380%. In addition, a Check Point report shows that ransomware attacks on charging kiosks have increased by 90% in the last year.
These figures highlight the growing threat to EV infrastructure, which, if not addressed, could have a significant impact on the adoption of electric vehicles.
Charging stations: A growing cyber target
We reported a month ago on the growing trend of cybersecurity flaws in electric vehicles, but it appears that cybercriminals prefer charging stations instead.
It's not like these hackers all own Tesla cars; it's the fact that electric vehicles and charging stations function as walking computers that entices them to exploit.
EV charging stations, particularly fast-charging setups located in congested public areas, have become prime targets.
Hackers use man-in-the-middle (MitM) attacks to intercept communication between the vehicle and the charging station, allowing them to steal sensitive information such as payment data or disrupt charging sessions.
As Check Point pointed out, hackers crippled several kiosk networks in 2022, forcing operators to pay large ransoms to regain control.
Yoav Levy, CEO of Upstream Security, has warned that the problem extends beyond individual vehicle risks. “The first risk is a denial of service, which means you can't charge your car.
The bigger risk, however, is that your EV's communication with the station can be hacked, potentially disrupting the grid itself,” Levy stated.
Subscribe to our newsletter
V2G (Vehicle-to-Grid) technology, which allows electric vehicles to return energy to the grid, also raises the risk.
Hackers could potentially cause unauthorized energy transfers, resulting in widespread power outages.
“Someone could theoretically take control of entire fleets of charging stations, create fake energy demands, and crash the grid,” he pointed out.
Modern day problems require modern day solutions.
With the growing complexity of cyberattacks, many experts advocate for more sophisticated cybersecurity measures.
One key recommendation is Zero Trust architecture, which requires all network users and devices to be authenticated at all times.
This strategy, combined with continuous monitoring for unusual activity, significantly reduces attacker access to critical systems.
Software updates are also very important. Through keeping systems up to date with OTA (Over-The-Air) updates, operators can fix vulnerabilities faster, giving hackers fewer opportunities to exploit network flaws.
More companies are turning to managed security service providers (MSSPs) like IBM Security, Palo Alto Networks, and Fortinet for real-time monitoring and incident response.
Compliance with standards such as ISO 15118, which governs secure communication between electric vehicles and charging stations, is increasingly important as the industry evolves.
However, as the demand for electric vehicles grows, so will the need for faster and more dependable security protocols.
Cybercriminals are already on it
This is not merely a hypothetical threat. Cybercriminals have already demonstrated the ability to compromise EV charging networks.
According to NoCamels, following Russia's invasion of Ukraine, hackers disabled several charging stations on the Moscow-St. Petersburg highway by displaying pro-Ukrainian messages on their screens.
Another incident in 2021 involved a security flaw in a UK charging provider's app, which exposed sensitive customer data such as names, addresses, and charging locations to over 140,000 users.
Researchers later discovered flaws that enabled hackers to remotely control the chargers, turn them on or off, and even prevent the owner from accessing their vehicle while charging for free.
These are just a few of many examples. The real danger is the possibility of full-scale ransomware attacks, which could disable entire charging station networks.
To restore their systems, operators may be required to pay millions of dollars in cryptocurrency.
And the chaos wouldn't end there; once hackers gained access to the network, the power grid itself could be jeopardized, resulting in catastrophic outages.
More electric vehicles, higher risk
As more electric vehicles enter the market, the security risks surrounding charging stations will only grow.
The United States alone has 2.5 million electric vehicles, with many more expected in the coming years.
In 2022, the UK mandated the installation of charging stations in all new residential buildings, increasing the number of targets for cybercriminals.
Hooman Shahidi, CEO of EVPassport, a charging network provider, stated that these stations must be treated as critical infrastructure.
EV charging stations are essentially Internet of Things (IoT) devices that communicate with payment systems, vehicle data, and the power grid, making them prime targets for hackers.
The industry is currently on high alert. Security researchers from Check Point and SaiFlow have identified several significant issues.
These include inadequate internet connectivity protections, ineffective encryption, and a lack of network segmentation.
These gaps provide ideal conditions for hackers to exploit, whether they are attempting to steal data or disrupt energy systems.
Aaron Rose of Check Point Software noted that charging stations do not always use traditional firewalls, making it easier for hackers to access personal information.
These flaws could result in data theft, remote code execution, or even unauthorized access to the vehicle's controls.
Bottom line
Cyberattacks on EV charging stations started years ago, with some of the first high-profile incidents occurring during the Russian-Ukraine conflict.
Shell recently had to patch a network vulnerability that had the potential to expose millions of charging logs.
As the electric vehicle market grows, so will the risks. The growing number of charging stations makes them a more appealing target for hackers, who are always looking for their next big score.
The industry's challenge will be to stay ahead of these threats while also ensuring that EV charging stations remain secure and reliable for the millions of drivers who rely on them.