Just when you started getting your computers, smart phones, tablets and other internet-aware devices more secure, cyber security experts are now warning of yet another threat to our data security. This one comes by way of the rising visibility and availability of electric vehicle chargers, as increasing numbers of cars now need to be plugged in to top them off for the trip home.
A risk expert at cybersecurity firm Checkpoint Technologies, Pete Nicoletti, says the vulnerabilities introduced into the system by electric chargers will probably grow. Nicoletti, Checkpoint’s regional chief information security officer in New Jersey, notes that the Biden administration recently announced that Tesla will open its charging network to other automakers of EVs, boosting the infrastructure tremendously.
Checkpoint statistics indicate that cyberattacks rose by double digits in 2022 over 2021 in all sectors of the economy, with the biggest jump in education and research (up 43%) and government and military (up 46%), but attacks against the transportation sector were also up 41%.
Unlike traditional gasoline-powered internal combustion engines, or ICE as Nicoletti refers to them, electric vehicles (EVs) provide a point of connection from their internal computer systems through a charging station to the electric grid and an accompanying data network.
“You can actually affect the grid,” he said in a recent video interview. “You can actually knock out a portion of the grid and you can affect all the hospitals and homes and everything that’s attached to the grid. So it’s a different risk.”
EV chargers are more vulnerable to cyberattacks because they are not monitored closely, he says. They are typically located in a remote area of a parking lot in a shopping center or convenience store complex and don’t have eyes on them constantly like gas pumps do. And they seem relatively easy to compromise because of the way they are constructed.
“The physical security of EV chargers is four screws,” Nicoletti said. “So four screws, I pop the access panel and I’m looking at the guts of the EV charger.”
With access to the charger’s circuitry, a malicious actor could turn off a car’s safety systems and, for example, force the charger to overcharge the battery.
Overcharging could lead to a fire or explosion. While this is a serious inconvenience to an electric car owner, Nicoletti points out that trucking companies and transportation systems are poised to replace large chunks of their ICE fleets with EVs in the next decade.
“If you can find a bug or you can hack them, you can significantly affect a huge chunk of our transportation segment,” he said.
Electric vehicle owners need to be alert to the conditions of chargers they use, noticing if screws are loose or other signs of disrepair. Hacked chargers could also be used to extract personal data from car systems or to corrupt a car’s navigation and assisted-driving programs.
Security certification standards are being developed for EV chargers, but few charger manufacturers have adopted them yet, Nicoletti said.
Until the system is hardened, consumers need to apply the same security tips to their vehicles as they do to their computers, he said, including ensuring that any car system updates are applied whenever you are notified of the update, using strong passwords for access to accounts related to the vehicle, and checking credit card statements for suspicious or unauthorized charges related to EV charger use.
You can watch the complete TV interview with Pete Nicoletti at statebroadcastnews.com/2023/03/01/ev-security/
Email steve@compuschmooze.com with questions about cybersecurity. Follow @PodcastSteve @ newsie.social on Mastodon.
Leave a Reply