As the number of EVs on the streets grows, so does the number of electric vehicle charging stations (EVCS) needed to juice them up — and along with them the number of the internet-connected managing systems within those stations.
These management systems offer an array of valuable capabilities like remote monitoring, scheduling, and user billing. However, they come with a significant drawback: as with virtually every device connected to the internet, they’re prone to cyberattacks.
A team of researchers led by Elia Bou Harb, director of the University of Texas Cyber Center for Security and Analytics, wanted to explore the real-life implications of cyberattacks against EV charging systems, and how to utilize cybersecurity countermeasures to mitigate them.
With this aim in mind, the researchers assessed a body of 16 electric vehicle charging station managing systems (EVCSMS), including systems developed by globally recognized vendors.
Their evaluation identified the 13 most severe vulnerabilities across the EVCSMS’ firmware, mobile, and web apps, which could lead to eleven types of cyberattacks.
The types of potential cyberattacks
The team divided cyberattacks into three separate categories:
- Attacks against the EVCS
- Attacks against the user
- Attacks against the power grid
In the first scenario, the EVCS could be compromised so it would charge slower or not at all, display manipulated charging fees to customers, or have features disabled.
In the second scenario, attackers could get access to the users’ charging records and personal information. This means that their data could be used for surveillance, blackmailing, identity theft, and payment fraud.
And in the third scenario, attackers could leverage a large number of compromised EVCSMS to either launch synchronized charging operations at the same time, or to reverse the electric flow back to the grid by increasing the discharging supply. Both attacks destabilize the grid, which can lead to cascading failure.
Countermeasures against cyberattacks
During this project, the research team developed countermeasures to patch each individual vulnerability they found. They also made several suggestions on suitable security measures, guidelines, and best practices developers can follow to mitigate the attacks.
Especially regarding the prevention of mass attacks to the power grid, the researchers recommend that patching existing vulnerabilities alone is not merely enough. They highlight that developers need to also incorporate initial security measures during the manufacturing of the charging stations.
The team plans to continue analyzing more charging stations in the future, and it’s also working with several industry partners to develop new security products that can protect vulnerable charging stations from exploitation.
You can find the research’s white paper on ResearchGate.