Why electric vehicles are at high risk for cyberattacks
What began as a mechanical business now exists as one of the most well-known industries worldwide: the automotive industry has seen more than one hundred years of gradual evolution, that is, until recently.
The automotive industry’s past decade has seen a rapid digital transformation that’s given rise to electric and connected vehicles. The first quarter of 2022 saw a whopping 60 percent increase in electric vehicle registrations, pushing the EV share of the US market to a historic high of 4.6 percent.
It’s therefore, little surprise that in light of the proliferation of connected and electric vehicles and their ever-increasing lines of code, the cybersecurity risks that threaten these vehicles’ entire ecosystems are also increasing.
As with the other devices we frequently use in today’s hyperconnected world, electric vehicles are intrinsically connected too. Similarly to veritable rolling computers, they introduce many levels of technology into our driving experience
The complexity of cybersecurity as it relates to a vehicle is still developing from a design, development, testing, production, and post-production perspective. A vehicle’s cybersecurity has several stages that demand protection, and therein lies much of the challenge.
To that end, let’s cover why electric and connected vehicles are at greater risk of cyber-related attacks.
The current state of EV cybersecurity
Our world of sprawling and connected devices has innovated almost every aspect of our lives, from our workplaces and homes to education and even healthcare, and, of course, our roads and the way we travel.
Amidst all this potential and innovation in technology, however, arises the issue of widened cybersecurity exposure. As a greater number of EV parts -- autonomous navigation systems and steering mechanisms, to name a few -- become connected, the likelihood that hackers will take advantage of new openings and opportunities is also increasing. This likelihood becomes particularly worrisome in light of the fact that nearly 80 percent of two-car households are considering electric cars for their next purchase.
But it’s not as if no bad actor has ever exploited this wide surface of exposure before. Earlier this year, a teenager started 25 Tesla EVs across thirteen countries by taking advantage of a vulnerability he found in a third-party application. And he didn’t stop there; he was also able to activate each of the vehicle’s radios and windows. While this may not have been a worst-case scenario in terms of cybersecurity exploitation, it indicates that other actors could very well exploit EV software in much more malicious ways.
Notable among infrastructures that may pose electric vehicle-related cybersecurity risks are EV charging stations, which continue to increase worldwide.
Charging stations contribute to rising EV cybersecurity stakes
Charging stations for electric vehicles have been appearing in increasing numbers worldwide for some time. Unfortunately, so too, have incidents relating to charging station-related cybercrimes. Earlier this year and in separate cases, bad actors were able to display adult and politically charged content through EV charging stations. Some analysts posit that hackers could even readily compromise charging stations to impact victims on a much wider scale.
As electric vehicles take over the road, EV charging stations will likely continue to serve as attractive targets for cybercriminals. And, unless these stations emphasize their cybersecurity posture, they will inevitably create a superhighway ripe for hacking.
EV charging stations require agile security measures and cybersecurity technology to be directly built into them.
Why? Because the infrastructure of EV charging stations is essentially a device that must connect and communicate with a separate device to initiate the charging process. The problem is that EV charging infrastructure requires a third-party firewall for protection against hackers. These third-party firewalls become all the more important as EV charging stations are more rapidly adopted and whose security measures often fall by the wayside.
It’s incumbent on cybersecurity leaders to regularly monitor for security threats as they relate to EV charging stations. Just as you should expect your auto repair provider to invest in their security measures to prevent hackers from stealing your financial info, so too should you expect security leaders to incorporate security measures into their charging stations post-production phase. This incorporation of security technology ensures that a greater level of security applies to the smart mobility ecosystem and the connected EVs under it.
Another issue with most modern EV charging stations relates to their obsolete, HTTP-based Open Charge Point Protocol. The protocol doesn’t encrypt communications and data and opens charging stations up to dangerous man-in-the-middle attacks. Encryption is essential for everyone, especially as personal information is growing more valuable to cybercriminals by the month.
Another common risk that security leaders must address sooner rather than later is the USB port typically found on charging stations. These ports let cybercriminals compromise private driver data with the help of a simple flash drive to which they can copy driver information.
How security leaders can stay on top of EV cybersecurity
If one were to open their electric car’s hood, they’d find a complex ecosystem teeming with components manufactured by tons of different brands. It’s next to impossible to ensure that all of those component manufacturers commit to cybersecurity equally, which is why it may be necessary to compel manufacturers to attest to their commitment to EV cybersecurity.
It’s also likely that manufacturers of devices, including those of EVs, will soon be compelled to disclose the components that constitute their products publicly. These bills of materials should, in theory, make it easier for cybersecurity leaders to assess and enhance an EV’s cybersecurity as well as mitigate threats and vulnerabilities. These bills of materials, however, will ideally need to reference potential vulnerabilities and weaknesses for cybersecurity leaders to improve EV security.
The biggest challenge electric vehicle cybersecurity faces is the number of gaps between security processes that go into EV manufacturing. With so many disparate processes, it’s impossible to gain a complete high-level view of the modern EV cybersecurity landscape.
Even just a century ago, nobody could have said that our cars would rely on so much software or that the automotive industry would have embraced electrification to the degree it has. But here we are, and as EV cybersecurity threats loom larger every day, the automotive world requires a security solution that can keep up with and protect the rapid progress that the industry is undergoing.
Lee Li is a project manager and B2B copywriter with a decade of experience in the Chinese fintech startup space as a PM for TaoBao, MeitTuan, and DouYin (now TikTok).