Electric Vehicles: The Hacking Risks 

Uploaded on 2023-10-16 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream automobile market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology. 

As the world transitions from combustion-engine to electric vehicles, there are a host of risks to be mindful of - not just in the EV bour in the battery charging network and elsewhere.

Managing these risks will be important in order to grow trust in the EV sector, especially as many connected devices have not been designed with cyber security in mind or may not be optimally connected to reduce vulnerabilities and manage security. If a charging station is compromised a customer’s private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery, the most expensive part of an electric vehicle.

According to a report from Upstream Security, electric vehicle charging station-related breaches accounted for four per cent of cyber attacks on connected cars in 2022,

Today, there are around 1.2 billion cars on the world’s roads and 97% of them are internal combustion engine vehicles, contributing around 10% of global CO2 emissions. In many countries over the next 10 to 15 years climate targets are likely to translate into government policies banning or suppressing the sale of vehicles running on fossil fuels. 

DNV’s Energy Transition Outlook predicts that 50% of global passenger vehicle sales will be electric by 2033, with the market moving fastest in Europe and China. "Shipping, aviation and road transport today account for almost 25% of overall emissions. We forecast this to rise to 30% by 2050 although total emissions from transport almost halve.  “The central difficulty for transport is that much of it will remain fuel-dependent, even though 78% of all road transport will be electric by 2050,” says DNV’s Report.

By 2050, it is predicted that there will be around 2 billion passenger vehicles on the road, but emissions will fall dramatically from this sector as two thirds of cars on the road in 2050 will be battery electric, having outcompeted internal combustion engines due to high efficiency and low cost of fuel per distance travelled, together with supportive policies.

From a cyber security perspective, the transition is not one from internal combustion energy to battery electric, it’s from vehicles with digital extras to fully interconnected vehicles. 

Dozens of computers and hundreds of sensors operate and optimise brakes, electric flow, charging and many other functions within just one vehicle, always communicating with one another, and connecting via 4G and soon 5G networks to infrastructure, third-party services, and other vehicles. Such innovations in EVs have great potential to reduce emissions, increase safety, maximise efficiency and make personal transport a more comfortable experience.

But the technology and systems being developed and applied don’t always fully consider the security ramifications.

One example would be a control system that ‘sees’ the position of other cars, enabling vehicles to travel in clusters to save energy when they share a travel path. But this means sharing data vividly, and it creates a hefty attack vector. If the data is not anonymised, this could be used to track a person and their behaviour. EVs have complex system software that take care of many aspects of driving. If for whatever reason hackers gain access to the security codes your EV’s system, they could gain access to your personal information and can control of some functions remotely.

The good news is complex firewall systems will prevent the car from being taken over totally. EV hacking can affect functionalities like driver-assistance or the infotainment system. If your car computer has passwords or banking information on, that would be susceptible to hacking as well.

Attacks on infrastructure such as on satellites could affect EVs that depend on them. From another perspective, the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.  This points to the operational security of EVs being more of an infrastructure issue, with the potential for power grids to be shut down.

From car manufacturers’ perspective, reputational and financial damage caused by a competitor or other actor is a more likely risk. Vulnerabilities could be exploited to cause comparatively minor operational issues affecting a vehicle’s charging, efficiency or range.  To manage this risk, manufacturers need to secure their supply chains and ensure the security of third-party vendors. This also presents an opportunity to gain competitive advantage through demonstrating credentials as the secure option.

Cyber security is an essential enabler for the rise of EVs and trust is a central feature to realising rapid growth in EV and all stakeholders need to trust that EVs are secure.

  • Drivers need to trust that EVs will have the range to get them to their destination and that they will have access to charging infrastructure. 
  • Manufacturers need to trust that supply chains can keep up and that supportive policies will continue. And policymakers need to trust that EVs are sustainable and contributing to societal aims like reducing emissions and local pollution. 

Cyber attacks on EVs are unlikely to bring roads to a standstill but we must be mindful of threats to related infrastructure and supply chains, as well as safeguarding personal data.

EV manufacturers should dedicate more effort to cyber security from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure, on and off the road.

RUSI:    IEEE Spectrum:   Goldsteram Gazette:    DNV:   Nevada Today:     BBC:    Wired:    EVHub:   

Image: A Krebs

You Might Also Read: 

Connected Cars - What  Does Your Car Know About You?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Expensive Costs Of HIPAA Noncompliance & How To Avoid Them
The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal »

Infosecurity Europe
CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

IT Governance

IT Governance

IT Governance is a leading global provider of information security solutions. Download our free guide and find out how ISO 27001 can help protect your organisation's information.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

Infosecurity Europe, 3-5 June 2025, ExCel London

Infosecurity Europe, 3-5 June 2025, ExCel London

This year, Infosecurity Europe marks 30 years of bringing the global cybersecurity community together to further our joint mission of Building a Safer Cyber World.

Galaxkey

Galaxkey

Galaxkey is a data protection product that protects email, documents and any data using access control and an encryption platform.

Oracle Cloud Security

Oracle Cloud Security

Oracle’s cloud security solutions enable organizations to implement and manage consistent security policies across the hybrid data center.

Trinexia

Trinexia

Trinexia (formerly Credence Security) is a specialty Value-added Distributor of Cyber Security, Digital Forensics, Security Awareness, Data Security & Governance solutions.

ECOS Technology

ECOS Technology

ECOS Technology specializes in the development and sale of IT solutions for high-security remote access as well as the management of certificates and smart cards.

CSIRT GOV - Poland

CSIRT GOV - Poland

Computer Security Incident Response Team CSIRT GOV, run by the Head of the Internal Security Agency, acts as the national CSIRT responsible for coordinating the response to computer incidents.

Cancom

Cancom

CANCOM group is one of the leading providers of IT infrastructure and IT services in Germany and Austria. Solution areas include network security.

C3.ai

C3.ai

The C3 AI Suite supports configurable, pre-built, high value AI applications for predictive maintenance, fraud detection, anti-money laundering, sensor network health and more.

CyberProof

CyberProof

CyberProof aims to give clarity and confidence to businesses worldwide using a new risk-based approach to cyber security services.

ENAC

ENAC

ENAC is the national accreditation body for Spain. The directory of members provides details of organisations offering certification services for ISO 27001.

ColorTokens

ColorTokens

ColorTokens Xtended ZeroTrust Platform protects from the inside out with unified visibility, micro-segmentation, zero-trust network access, cloud workload and endpoint protection.

MSPAlliance

MSPAlliance

MSPAlliance is the world’s largest industry association and certification body for cloud computing and managed service professionals.

Open Systems

Open Systems

Open Systems is a Secure Access Service Edge (SASE) pioneer delivering a complete solution to network and security.

Cyber Tzar

Cyber Tzar

Cyber Tzar is a new approach at dealing with an old problem; assessing and managing risks to your IT estate.

Nuts Technologies

Nuts Technologies

Nuts Technologies are simplifying data privacy and encryption with our innovative and novel data containers we call nuts based on our Zero Trust Data framework.

Gomboc.ai

Gomboc.ai

Gomboc solve cloud infrastructure security policy deviations by providing tailored remediations to the IaC (Infrastructure as Code).

Tychon

Tychon

Tychon develops advanced enterprise endpoint management technology that enables commercial and government organizations to bridge the gap between security and IT operations.