Electric Vehicles: The Hacking Risks 

Uploaded on 2023-10-16 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream automobile market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology. 

As the world transitions from combustion-engine to electric vehicles, there are a host of risks to be mindful of - not just in the EV bour in the battery charging network and elsewhere.

Managing these risks will be important in order to grow trust in the EV sector, especially as many connected devices have not been designed with cyber security in mind or may not be optimally connected to reduce vulnerabilities and manage security. If a charging station is compromised a customer’s private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery, the most expensive part of an electric vehicle.

According to a report from Upstream Security, electric vehicle charging station-related breaches accounted for four per cent of cyber attacks on connected cars in 2022,

Today, there are around 1.2 billion cars on the world’s roads and 97% of them are internal combustion engine vehicles, contributing around 10% of global CO2 emissions. In many countries over the next 10 to 15 years climate targets are likely to translate into government policies banning or suppressing the sale of vehicles running on fossil fuels. 

DNV’s Energy Transition Outlook predicts that 50% of global passenger vehicle sales will be electric by 2033, with the market moving fastest in Europe and China. "Shipping, aviation and road transport today account for almost 25% of overall emissions. We forecast this to rise to 30% by 2050 although total emissions from transport almost halve.  “The central difficulty for transport is that much of it will remain fuel-dependent, even though 78% of all road transport will be electric by 2050,” says DNV’s Report.

By 2050, it is predicted that there will be around 2 billion passenger vehicles on the road, but emissions will fall dramatically from this sector as two thirds of cars on the road in 2050 will be battery electric, having outcompeted internal combustion engines due to high efficiency and low cost of fuel per distance travelled, together with supportive policies.

From a cyber security perspective, the transition is not one from internal combustion energy to battery electric, it’s from vehicles with digital extras to fully interconnected vehicles. 

Dozens of computers and hundreds of sensors operate and optimise brakes, electric flow, charging and many other functions within just one vehicle, always communicating with one another, and connecting via 4G and soon 5G networks to infrastructure, third-party services, and other vehicles. Such innovations in EVs have great potential to reduce emissions, increase safety, maximise efficiency and make personal transport a more comfortable experience.

But the technology and systems being developed and applied don’t always fully consider the security ramifications.

One example would be a control system that ‘sees’ the position of other cars, enabling vehicles to travel in clusters to save energy when they share a travel path. But this means sharing data vividly, and it creates a hefty attack vector. If the data is not anonymised, this could be used to track a person and their behaviour. EVs have complex system software that take care of many aspects of driving. If for whatever reason hackers gain access to the security codes your EV’s system, they could gain access to your personal information and can control of some functions remotely.

The good news is complex firewall systems will prevent the car from being taken over totally. EV hacking can affect functionalities like driver-assistance or the infotainment system. If your car computer has passwords or banking information on, that would be susceptible to hacking as well.

Attacks on infrastructure such as on satellites could affect EVs that depend on them. From another perspective, the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.  This points to the operational security of EVs being more of an infrastructure issue, with the potential for power grids to be shut down.

From car manufacturers’ perspective, reputational and financial damage caused by a competitor or other actor is a more likely risk. Vulnerabilities could be exploited to cause comparatively minor operational issues affecting a vehicle’s charging, efficiency or range.  To manage this risk, manufacturers need to secure their supply chains and ensure the security of third-party vendors. This also presents an opportunity to gain competitive advantage through demonstrating credentials as the secure option.

Cyber security is an essential enabler for the rise of EVs and trust is a central feature to realising rapid growth in EV and all stakeholders need to trust that EVs are secure.

  • Drivers need to trust that EVs will have the range to get them to their destination and that they will have access to charging infrastructure. 
  • Manufacturers need to trust that supply chains can keep up and that supportive policies will continue. And policymakers need to trust that EVs are sustainable and contributing to societal aims like reducing emissions and local pollution. 

Cyber attacks on EVs are unlikely to bring roads to a standstill but we must be mindful of threats to related infrastructure and supply chains, as well as safeguarding personal data.

EV manufacturers should dedicate more effort to cyber security from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure, on and off the road.

RUSI:    IEEE Spectrum:   Goldsteram Gazette:    DNV:   Nevada Today:     BBC:    Wired:    EVHub:   

Image: A Krebs

You Might Also Read: 

Connected Cars - What  Does Your Car Know About You?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Expensive Costs Of HIPAA Noncompliance & How To Avoid Them
The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Resecurity, Inc.

Resecurity, Inc.

Resecurity is a cybersecurity company that delivers a unified platform for endpoint protection, risk management, and cyber threat intelligence.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

NordLayer

NordLayer

NordLayer is an adaptive network access security solution for modern businesses — from the world’s most trusted cybersecurity brand, Nord Security. 

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

ON-DEMAND WEBINAR: What Is A Next-Generation Firewall (and why does it matter)?

Watch this webinar to hear security experts from Amazon Web Services (AWS) and SANS break down the myths and realities of what an NGFW is, how to use one, and what it can do for your security posture.

ProfitBricks

ProfitBricks

ProfitBricks is a secure cloud computing infrastructure-as-a-service (IaaS) solution.

RCMP Cybercrime Strategy

RCMP Cybercrime Strategy

The RCMP Cybercrime Strategy sets out in an Operational Framework and Action Plan to combat cybercrime.

Thales

Thales

Thales provides solutions, services and products that help its customers in the defence, aeronautics, space, transportation and digital identity and security markets to fulfil their critical missions.

Computer & Communications Industry Association (CCIA)

Computer & Communications Industry Association (CCIA)

CCIA supports efforts to facilitate and streamline information sharing on cyber threats between the private sector and the Federal Government.

Phew

Phew

Phew are New Zealand cyber security specialists with expertise and experience forged in global financial markets, IT&T, management consulting and SME business management.

ShiftLeft

ShiftLeft

ShiftLeft is a continuous application security platform, purpose-built for the modern software development life cycle.

CNS Group

CNS Group

CNS Group provides industry leading cyber security though managed security services, penetration testing, consulting and compliance.

Converge Technology Solutions

Converge Technology Solutions

Converge Technology Solutions Corp. is a North American IT solution provider delivering advanced analytics, cloud, cybersecurity, and managed services solutions.

CENSUS

CENSUS

CENSUS is a Cybersecurity services provider offering services to multiple industries worldwide such as Security Testing, Code Auditing, Secure SDLC, Vulnerability Research and Consulting Services.

Netenrich

Netenrich

The Netenrich operations intelligence platform is built from the ground up to help enterprises resolve everyday and futuristic problems for stable, secure environments and infrastructures.

Red Sky Alliance

Red Sky Alliance

Red Sky Alliance (Wapack Labs Corp) is a cyber threat intelligence firm that delivers proprietary intelligence data, analysis and in-depth strategic reporting.

ClearVector

ClearVector

ClearVector is a leading provider of realtime, identity-driven security for the cloud.

Advent One

Advent One

Advent One are recognised for solving intricate dilemmas, not only making technology work but building foundations that customers can grow upon in an effective and secure way.

NorthStar

NorthStar

NorthStar provide the visibility needed to track and reduce risk through risk-based vulnerability management and vulnerability exploit prediction.

BluSapphire

BluSapphire

BluSapphire is an industry-first, purpose-built, cloud-native, Hybrid XDR platform powered by AI and big data analytics.

Aegis9

Aegis9

Aegis9 is an Australian owned and sovereign consultancy that specialises in providing tailored security solutions for both public and private sector clients based on their specific needs.