Hackers targeting EV changing stations

Electric vehicle chargers are the next target for job creation in India. The Indian government has set a goal of installing 500,000 electric vehicle chargers by 2030, and this will require a significant investment in human capital.

Last year, global sales for electric vehicles increased by 60% worldwide and one in every seven passenger cars purchased globally was an EV. In contrast, just five years earlier, only one in every 70 cars bought was an electric vehicle. In India, EV sales hit 1.17 million units in FY2023 which reflects the adoption fervour. Consumer demand for EVs is at an all-time high, but the growth of this sector may mean unprecedented security challenges. Experts predict that the EV Chargers pose an unprecedented risk.

The industry is in the midst of a rapid expansion phase. New EV charging stations are popping up in parking lots and on street corners the world over. However, the new installations could prompt cyber attackers to target EV charging networks, the vehicles themselves, and/or the connected power grids. Even here in India, the Indian Computer Emergency Response Team (CERT-In) has received reports of vulnerabilities in products and applications related to electric vehicle charging stations.

The Minister of Road Transport and Highways of India, has said that as electric vehicles become more popular, it is important to recognize that electric vehicle charging stations are also susceptible to cyber-attacks and security incidents, just like any other technological application.

For many connected devices, the race-to-market has translated to cyber security measures that were ‘bolted on,’ but not ‘built in’. In other words, cyber security was largely an afterthought. In the case of electric vehicle chargers, that’s a particularly unsettling prospect, as EV chargers are interlinked with other infrastructure.

“EVSE [Electric Vehicle Supply Equipment] is supported by electronics, both for charging the vehicle and facilitating communications, so EVSE is susceptible to cyber security vulnerabilities and attacks. EVSE also ties together two critical sectors — transportation and energy (specifically, the grid) — that have never been connected electronically before. This creates the potential for attacks that could have significant impacts in terms of money, business disruptions and human safety.”

Going forward, Cyberattacks that exploit EV charging station weaknesses may be able to cause power fluctuations and power outages, as attacks would suddenly alter the demands of EV charging networks. Alternatively, might a cyberattack completely disable EV charging infrastructure, stranding drivers? This would be similar to cutting off the fuel supply, which almost occurred on the East Coast of the U.S, during the Colonial Pipeline attack.

Over a million lines of code are embedded into many of today’s cars. Automotive software has never been more complex. Now, the challenge is how to secure all of it.