Electric Vehicles: The Hacking Risks 

Uploaded on 2023-10-16 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream automobile market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology. 

As the world transitions from combustion-engine to electric vehicles, there are a host of risks to be mindful of - not just in the EV bour in the battery charging network and elsewhere.

Managing these risks will be important in order to grow trust in the EV sector, especially as many connected devices have not been designed with cyber security in mind or may not be optimally connected to reduce vulnerabilities and manage security. If a charging station is compromised a customer’s private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery, the most expensive part of an electric vehicle.

According to a report from Upstream Security, electric vehicle charging station-related breaches accounted for four per cent of cyber attacks on connected cars in 2022,

Today, there are around 1.2 billion cars on the world’s roads and 97% of them are internal combustion engine vehicles, contributing around 10% of global CO2 emissions. In many countries over the next 10 to 15 years climate targets are likely to translate into government policies banning or suppressing the sale of vehicles running on fossil fuels. 

DNV’s Energy Transition Outlook predicts that 50% of global passenger vehicle sales will be electric by 2033, with the market moving fastest in Europe and China. "Shipping, aviation and road transport today account for almost 25% of overall emissions. We forecast this to rise to 30% by 2050 although total emissions from transport almost halve.  “The central difficulty for transport is that much of it will remain fuel-dependent, even though 78% of all road transport will be electric by 2050,” says DNV’s Report.

By 2050, it is predicted that there will be around 2 billion passenger vehicles on the road, but emissions will fall dramatically from this sector as two thirds of cars on the road in 2050 will be battery electric, having outcompeted internal combustion engines due to high efficiency and low cost of fuel per distance travelled, together with supportive policies.

From a cyber security perspective, the transition is not one from internal combustion energy to battery electric, it’s from vehicles with digital extras to fully interconnected vehicles. 

Dozens of computers and hundreds of sensors operate and optimise brakes, electric flow, charging and many other functions within just one vehicle, always communicating with one another, and connecting via 4G and soon 5G networks to infrastructure, third-party services, and other vehicles. Such innovations in EVs have great potential to reduce emissions, increase safety, maximise efficiency and make personal transport a more comfortable experience.

But the technology and systems being developed and applied don’t always fully consider the security ramifications.

One example would be a control system that ‘sees’ the position of other cars, enabling vehicles to travel in clusters to save energy when they share a travel path. But this means sharing data vividly, and it creates a hefty attack vector. If the data is not anonymised, this could be used to track a person and their behaviour. EVs have complex system software that take care of many aspects of driving. If for whatever reason hackers gain access to the security codes your EV’s system, they could gain access to your personal information and can control of some functions remotely.

The good news is complex firewall systems will prevent the car from being taken over totally. EV hacking can affect functionalities like driver-assistance or the infotainment system. If your car computer has passwords or banking information on, that would be susceptible to hacking as well.

Attacks on infrastructure such as on satellites could affect EVs that depend on them. From another perspective, the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.  This points to the operational security of EVs being more of an infrastructure issue, with the potential for power grids to be shut down.

From car manufacturers’ perspective, reputational and financial damage caused by a competitor or other actor is a more likely risk. Vulnerabilities could be exploited to cause comparatively minor operational issues affecting a vehicle’s charging, efficiency or range.  To manage this risk, manufacturers need to secure their supply chains and ensure the security of third-party vendors. This also presents an opportunity to gain competitive advantage through demonstrating credentials as the secure option.

Cyber security is an essential enabler for the rise of EVs and trust is a central feature to realising rapid growth in EV and all stakeholders need to trust that EVs are secure.

  • Drivers need to trust that EVs will have the range to get them to their destination and that they will have access to charging infrastructure. 
  • Manufacturers need to trust that supply chains can keep up and that supportive policies will continue. And policymakers need to trust that EVs are sustainable and contributing to societal aims like reducing emissions and local pollution. 

Cyber attacks on EVs are unlikely to bring roads to a standstill but we must be mindful of threats to related infrastructure and supply chains, as well as safeguarding personal data.

EV manufacturers should dedicate more effort to cyber security from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure, on and off the road.

RUSI:    IEEE Spectrum:   Goldsteram Gazette:    DNV:   Nevada Today:     BBC:    Wired:    EVHub:   

Image: A Krebs

You Might Also Read: 

Connected Cars - What  Does Your Car Know About You?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Expensive Costs Of HIPAA Noncompliance & How To Avoid Them
The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

ZenGRC

ZenGRC

ZenGRC (formerly Reciprocity) is a leader in the GRC SaaS landscape, offering robust and intuitive products designed to make compliance straightforward and efficient.

SmartSearch

SmartSearch

SmartSearch is a leading online provider of Anti-Money Laundering and Fraud Prevention Services.

Armor

Armor

Armor provide managed cloud security solutions for public, private, hybrid or on-premise cloud environments.

CERT-EU

CERT-EU

CERT-EU is a permanent Computer Emergency Response Team for the EU institutions, agencies and bodies.

Advanced Software Products Group (ASPG)

Advanced Software Products Group (ASPG)

ASPG offers a wide range of innovative mainframe software solutions for Data Security, Access Management, System Management and CICS productivity.

Vysk Communications

Vysk Communications

Vysk is an award-winning mobile security firm that has developed the world’s most secure system for voice communication.

Safetica

Safetica

Safetica Technologies is a Czech software company that delivers data protection solutions for businesses of all types and sizes.

Salt Security

Salt Security

Salt Security protects the APIs that are the core of every SaaS, web, mobile, microservices and IoT application.

KanREN

KanREN

KanREN is a member based consortium offering custom, world-class network services and support for researchers, educators, and public service institutions in the state of Kansas.

LogicBoost Labs

LogicBoost Labs

LogicBoost Labs has the expertise, experience, funding and connections to make your startup succeed. We are always interested in new ways to change the world for the better.

NorthRow

NorthRow

NorthRow provides digital transformation compliance solutions to help businesses manage regulatory and financial crime risks.

Apura Cybersecurity Intelligence

Apura Cybersecurity Intelligence

Apura is a Brazilian company that develops advanced products and provides specialized services in information security and cyber defense.

Proximus Ada

Proximus Ada

Proximus Ada is the first Belgian center of excellence combining artificial intelligence and cybersecurity.

Rootly

Rootly

Rootly is an incident management platform on Slack that helps automate manual admin work during incidents.

ThreatER

ThreatER

ThreateER (formerly ThreatBlockr / Bandura Cyber) is a cybersecurity platform that provides active network defense by automating the discovery, enforcement, and analysis of cyber threats at scale.

The Hacking Games

The Hacking Games

The Hacking Games' Mission is to inspire, educate and mobilise a generation of ethical hackers to make the world a safer place.

Cyber Castellum

Cyber Castellum

Cyber Castellum is a cybersecurity consulting firm that specializes in the identification of security vulnerabilities in an organization’s technology landscape.