Every day that passes we are faced with new threats. In fact, for any novelty that hits the market, a few days or months later there is a threat to haunt it. This time the criminals have turned to charging stations for electric vehicles in earnest. The objective is to make the most of new technologies. This is because like any device that has access to the Internet, they are also at risk. If for now the attacks that were successful can be considered low-level, that is, they were only able to basically disable charging stations, the problem can quickly escalate and we have vehicles at risk.
Electric vehicles: charging stations in danger!
In fact, before we move on to everything that has already been done, the security giant itself Check Point Software already addressed this issue as we had the opportunity to mention in Leak.
Vehicles can also be in danger
When users charge their vehicles, there is also a data connection between the vehicle and the server of the company that manages the station. Charging stations are connected to the internet and, like any other IoT device, are vulnerable to cybercriminals. If a hacker manages to gain access to a loading center, this can have serious consequences.
From the outset this represents a major risk to the user’s safety. Theoretically, through a charging point, a criminal could access a vehicle’s engine management system and either compromise safety, performance or disable the vehicle altogether. Imagine that the vehicle in question was an ambulance. There, delays can be life threatening.
In addition, they have the possibility of taking down an entire network of charging centers with some ease. A small vulnerability in a device will suffice for this.
But there is more. In addition to being able to shut down a network of EV hubs, hackers would have access to operators’ management software and could attack via ransomware with consequent financial and reputational damage.
The most common types of attacks
In November 2021, a British electric vehicle charging company was attacked and criminals had access to the full names, addresses and places where customers charged their vehicles. In practice this has left 140,000 people in danger.
Then in July last year, that is, this is not exactly a novelty, several researchers found security flaws that allow you to easily deactivate or activate a charging station and lock or unlock the cable. However, it was also revealed that they manage to steal the vehicle’s identity or prevent it from loading.
Of course these are small scale attacks. But one could emerge on a more global scale. An example of this is a ransomware attack that can leave several stations down unless a certain amount is paid.
Cars are in danger too
A Check Point Software alerted to this issue. However, she was not the only one to do so. In fact, the Israeli company Upstream Security has also done the same. That said, he explained everything that can happen in the words of the company’s CEO. I remind you that this is an organization that protects intelligent vehicles from computer attacks. That is, they also speak with knowledge of the facts.
“The first risk is denial of service, which means you can’t charge your car.”
“The second risk is that your electric vehicle is talking to the charging station and exchanging messages about how much charging time and how much battery is left. It could be an entry point, actually, to enter the vehicle.
“The last one is the network. Someone can command the entire charging station fleet to start charging, creating a false demand from the grid, which cannot supply all power, and which shuts down.”
All electric vehicles can stop
There are currently around 2 million public charging stations globally and many more private ones. The numbers will increase exponentially over the next few years as car manufacturers completely phase out fossil fuels and go for the electrical component only.
“Someone sitting in North Korea or Russia could try to remotely hack a charging station. This can be a real risk not only for the station, but for the critical infrastructure of a country causing trams to stop” as Yoav Levy, CEO of Upstream Security.
Charging stations are managed remotely, which means that hackers who manage to access one will likely be able to access many. However, the apps used for loading are another attack vector.