Given that EV chargers must be connected, securing them is important. However, research by Sandia National Laboratories indicates that thus far, EV charger companies haven’t done the best job at protecting their systems. Researchers investigated a variety of attack vectors and vulnerabilities and found many areas where existing systems were simply not up to scratch.
Vehicle-to-charger interfaces were studied as a primary target. EV chargers generally communicate with vehicles over signals passed through the charge cable. This communication involves negotiation on power levels and charge time, among other details. However, it could also be a path for malware to infect an EV charger if the vehicle’s responses aren’t handled properly or sanitized. Researchers found that not only could data be sniffed from these connections, but that a low-powered attack with a software-defined radio (SDR) could stop a vehicle’s charging session from up to 47 meters away. These interfaces are often completely unencrypted, too, leaving them vulnerable to man-in-the-middle and spoofing attacks.
The user interfaces of EV chargers are also vulnerable. The simplest attacks mirror those used at gas pumps, where card readers are fitted with skimmer devices to capture card data. Other straightforward hacks include RFID cloning attacks for systems that rely on those for payment and account management. The smartphone apps used by charging networks can also be a target for hackers.
Recent Comments