Electric Vehicles: The Hacking Risks 

Uploaded on 2023-10-16 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream automobile market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology. 

As the world transitions from combustion-engine to electric vehicles, there are a host of risks to be mindful of - not just in the EV bour in the battery charging network and elsewhere.

Managing these risks will be important in order to grow trust in the EV sector, especially as many connected devices have not been designed with cyber security in mind or may not be optimally connected to reduce vulnerabilities and manage security. If a charging station is compromised a customer’s private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery, the most expensive part of an electric vehicle.

According to a report from Upstream Security, electric vehicle charging station-related breaches accounted for four per cent of cyber attacks on connected cars in 2022,

Today, there are around 1.2 billion cars on the world’s roads and 97% of them are internal combustion engine vehicles, contributing around 10% of global CO2 emissions. In many countries over the next 10 to 15 years climate targets are likely to translate into government policies banning or suppressing the sale of vehicles running on fossil fuels. 

DNV’s Energy Transition Outlook predicts that 50% of global passenger vehicle sales will be electric by 2033, with the market moving fastest in Europe and China. "Shipping, aviation and road transport today account for almost 25% of overall emissions. We forecast this to rise to 30% by 2050 although total emissions from transport almost halve.  “The central difficulty for transport is that much of it will remain fuel-dependent, even though 78% of all road transport will be electric by 2050,” says DNV’s Report.

By 2050, it is predicted that there will be around 2 billion passenger vehicles on the road, but emissions will fall dramatically from this sector as two thirds of cars on the road in 2050 will be battery electric, having outcompeted internal combustion engines due to high efficiency and low cost of fuel per distance travelled, together with supportive policies.

From a cyber security perspective, the transition is not one from internal combustion energy to battery electric, it’s from vehicles with digital extras to fully interconnected vehicles. 

Dozens of computers and hundreds of sensors operate and optimise brakes, electric flow, charging and many other functions within just one vehicle, always communicating with one another, and connecting via 4G and soon 5G networks to infrastructure, third-party services, and other vehicles. Such innovations in EVs have great potential to reduce emissions, increase safety, maximise efficiency and make personal transport a more comfortable experience.

But the technology and systems being developed and applied don’t always fully consider the security ramifications.

One example would be a control system that ‘sees’ the position of other cars, enabling vehicles to travel in clusters to save energy when they share a travel path. But this means sharing data vividly, and it creates a hefty attack vector. If the data is not anonymised, this could be used to track a person and their behaviour. EVs have complex system software that take care of many aspects of driving. If for whatever reason hackers gain access to the security codes your EV’s system, they could gain access to your personal information and can control of some functions remotely.

The good news is complex firewall systems will prevent the car from being taken over totally. EV hacking can affect functionalities like driver-assistance or the infotainment system. If your car computer has passwords or banking information on, that would be susceptible to hacking as well.

Attacks on infrastructure such as on satellites could affect EVs that depend on them. From another perspective, the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.  This points to the operational security of EVs being more of an infrastructure issue, with the potential for power grids to be shut down.

From car manufacturers’ perspective, reputational and financial damage caused by a competitor or other actor is a more likely risk. Vulnerabilities could be exploited to cause comparatively minor operational issues affecting a vehicle’s charging, efficiency or range.  To manage this risk, manufacturers need to secure their supply chains and ensure the security of third-party vendors. This also presents an opportunity to gain competitive advantage through demonstrating credentials as the secure option.

Cyber security is an essential enabler for the rise of EVs and trust is a central feature to realising rapid growth in EV and all stakeholders need to trust that EVs are secure.

  • Drivers need to trust that EVs will have the range to get them to their destination and that they will have access to charging infrastructure. 
  • Manufacturers need to trust that supply chains can keep up and that supportive policies will continue. And policymakers need to trust that EVs are sustainable and contributing to societal aims like reducing emissions and local pollution. 

Cyber attacks on EVs are unlikely to bring roads to a standstill but we must be mindful of threats to related infrastructure and supply chains, as well as safeguarding personal data.

EV manufacturers should dedicate more effort to cyber security from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure, on and off the road.

RUSI:    IEEE Spectrum:   Goldsteram Gazette:    DNV:   Nevada Today:     BBC:    Wired:    EVHub:   

Image: A Krebs

You Might Also Read: 

Connected Cars - What  Does Your Car Know About You?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Expensive Costs Of HIPAA Noncompliance & How To Avoid Them
The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ManageEngine

ManageEngine

As the IT management division of Zoho Corporation, ManageEngine prioritizes flexible solutions that work for all businesses, regardless of size or budget.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

Resecurity

Resecurity

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Feitian Technologies

Feitian Technologies

Feitian Technologies provides authentication and transaction security products for financial institutions, telecoms, government and leading business enterprises.

BakerHostetler

BakerHostetler

BakerHostetler is one of the largest law firms in the USA We have five core practice groups including a specialty practice team in Privacy and Data Protection.

Cyber Security Academy - University of Southampton

Cyber Security Academy - University of Southampton

An industry/University partnership established to advance cyber security through world class research, teaching excellence, industrial expertise and training capacity.

Planit Testing

Planit Testing

Planit is a leader in Quality Assurance and a specialist in software testing and training services.

OPSWAT

OPSWAT

OPSWAT is a software company that provides solutions to secure and manage IT infrastructure.

Cobalt Strike

Cobalt Strike

Cobalt Strike is penetration testing software designed to execute targeted attacks.

Fluency Security

Fluency Security

Fluency is the only Security Analytics & Orchestration (SAO) solution that automates correlation, detection, validation and ongoing tracking.

Managed Security Solutions (MSS)

Managed Security Solutions (MSS)

MSS deliver consultancy services and managed security services for IT departments who may lack the time, resources, or expertise themselves.

Virgil Security

Virgil Security

Virgil Security provides easy-to-deploy and easy-to-use cryptographic software and services for use by developers and end-users.

Core Sentinel

Core Sentinel

Australia's #1 Penetration Testing Service. Make Your Systems Fully Compliant With Our OSCE CREST/CISA Certified Penetration Testing.

Apollo Information Systems

Apollo Information Systems

Apollo is a value-added reseller that provides our clients with the complete set of cybersecurity and networking services and solutions.

PROW Information Technology

PROW Information Technology

PROW is at the forefront of the technology and digital revolution with a focus and mastery in the cybersecurity, information security and data management realms.

Scybers

Scybers

Scybers are a global cybersecurity advisory and managed services company. With our deep expertise, we help our clients reduce their cyber risks with confidence.

e-Xpert Solutions

e-Xpert Solutions

e-Xpert Solutions is a company specialized in the Information Security field since 2001. Our skills are strong technical expertise and the development of tailor-made solutions.

Single Point of Contact

Single Point of Contact

Single Point of Contact is a Managed IT Services provider that helps businesses to achieve a seamless and secure IT environment.

Foresiet

Foresiet

Foresiet is the first platform to cover all of your digital risks, allowing enterprise to focus on the core business.