By Irina Slav
When GM earlier this year started recalling Bolts, it issued a warning to owners of the EV: don’t charge your car battery to 100 percent. Normally, this would be easy enough to do. But what if your charger got hacked?
Last year, researchers from the Southwest Research Institute in Texas successfully hacked the most popular charging system used in North America. The hack limited the charging rate, then blocked charging, and then overcharged the battery. The reason for the hack: “This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade,” according to lead researcher Austin Dodson.
Earlier this month, UK cybersecurity firm Pen Test Partners said that it had found cyber vulnerabilities in six home EV chargers and a large public charging network. Some of the vulnerabilities were no small potatoes.
Among the findings of Pen Test Partners was a vulnerability that could potentially make possible the hacking of millions of EV chargers simultaneously and another that exposed user and charger data for the hacker to use.
Perhaps the most dangerous vulnerability that the cybersecurity experts uncovered, however, was the possibility for a hacker to take control over millions of chargers.
“As one could potentially switch all chargers on and off synchronously, there is potential to cause stability problems for the power grid, owing to the large swings in power demand as reserve capacity struggles to maintain grid frequency,” the firm said.
EVs have been touted as the future of transportation. Governments in Europe and North America are allocating billions in financing that focuses precisely on public charging networks. Yet, there is little talk about the cybersecurity implications of having a huge network of hundreds of chargers that can be hacked.
Public chargers are the riskiest, it seems. While one could hack a home charger, they would only gain access to that device and possibly the home network of that household. If they hack a public charger, they could gain access to the whole network, explains Baksheesh Singh Ghuman, Senior Director of Product and GTM Strategy at Finite State, a cybersecurity firm that specializes in connected devices.
Gaining access to data is one risk associated with the vulnerabilities of EV chargers. Another is even more straightforward: electricity theft. If a hacker breaches a public charger, they could siphon electricity off it and make someone else pay, says Singh Ghuman.
Attacks on home chargers can be serious, too, despite their much more limited focus. Since both EVs and EV chargers are connected devices, hacking the charger could grant the attacker access to things like passwords and other credentials.
And that’s not even the worst that can happen.
“Threat actors can also gain control of the electric vehicles themselves, which includes control over steering, brakes, acceleration, and other functions which could result in an accident,” Singh Ghuman told Oilprice. “They would have the ability to listen in on phone conversations held within the car and steal personal data from the vehicle’s connected network too.”
Everything is hackable, cybersecurity experts have warned repeatedly, from a corporate computer system to a pacemaker. And cybercriminals are often ahead of their opponents in the game of cat and mouse, forcing governments and cybersecurity service providers to often catch up.
Luckily, in the wake of the latest massive hack attacks in the U.S., action is being taken. A recent executive order by President Biden will oblige manufacturers of hackable equipment to start implementing more stringent cybersecurity standards, Singh Ghuman says. It is important to act preemptively and remove as many vulnerabilities as possible as early as possible.
A lot of hopes are being pinned on electric vehicles as a crucial element of the low-carbon economy of the future. Automakers are spending billions on their shift to EVs, and one could only hope some of that money is being spent on guaranteeing the cybersecurity of the vehicles. It should be, given how much is at stake. And with carmakers already aware of the challenges they face in promoting their EV models as the better cars, they need to be exceptionally wary of the possibility that the hackability of an EV could very well become a monumental issue alongside range anxiety.
Chargers are even more important. If a hacker can make several hundred chargers switch on and off when the hacker tells them to, that becomes a problem for the grid. And if a larger-scale attack can be launched, the situation would become a lot more serious.
There are already concerns about the addition of millions of EVs to city grids that were not built for this sort of electricity demand. Investments in the upgrade of grids so it can take the additional demand are seen at between $1,630 and $5,380 per EV, according to Boston Consulting Group. And that’s for EV penetration rates of 10-20 percent. The more EVs are added, the more money will need to be spent to keep the grid stable.
The EV revolution is becoming a challenging endeavor in more aspects than one. The cybersecurity theme needs to be at the center of the EV discourse. The threats might be potential for now but let’s remember: everything can be hacked.