Electric Vehicles: The Hacking Risks 

Uploaded on 2023-10-16 in TECHNOLOGY--Hackers, FREE TO VIEW, BUSINESS-Services-Transport & Travel

With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream automobile market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology. 

As the world transitions from combustion-engine to electric vehicles, there are a host of risks to be mindful of - not just in the EV bour in the battery charging network and elsewhere.

Managing these risks will be important in order to grow trust in the EV sector, especially as many connected devices have not been designed with cyber security in mind or may not be optimally connected to reduce vulnerabilities and manage security. If a charging station is compromised a customer’s private information could be leaked, such as the time and location of the vehicle. Hackers can also disrupt the charging process and damage the battery, the most expensive part of an electric vehicle.

According to a report from Upstream Security, electric vehicle charging station-related breaches accounted for four per cent of cyber attacks on connected cars in 2022,

Today, there are around 1.2 billion cars on the world’s roads and 97% of them are internal combustion engine vehicles, contributing around 10% of global CO2 emissions. In many countries over the next 10 to 15 years climate targets are likely to translate into government policies banning or suppressing the sale of vehicles running on fossil fuels. 

DNV’s Energy Transition Outlook predicts that 50% of global passenger vehicle sales will be electric by 2033, with the market moving fastest in Europe and China. "Shipping, aviation and road transport today account for almost 25% of overall emissions. We forecast this to rise to 30% by 2050 although total emissions from transport almost halve.  “The central difficulty for transport is that much of it will remain fuel-dependent, even though 78% of all road transport will be electric by 2050,” says DNV’s Report.

By 2050, it is predicted that there will be around 2 billion passenger vehicles on the road, but emissions will fall dramatically from this sector as two thirds of cars on the road in 2050 will be battery electric, having outcompeted internal combustion engines due to high efficiency and low cost of fuel per distance travelled, together with supportive policies.

From a cyber security perspective, the transition is not one from internal combustion energy to battery electric, it’s from vehicles with digital extras to fully interconnected vehicles. 

Dozens of computers and hundreds of sensors operate and optimise brakes, electric flow, charging and many other functions within just one vehicle, always communicating with one another, and connecting via 4G and soon 5G networks to infrastructure, third-party services, and other vehicles. Such innovations in EVs have great potential to reduce emissions, increase safety, maximise efficiency and make personal transport a more comfortable experience.

But the technology and systems being developed and applied don’t always fully consider the security ramifications.

One example would be a control system that ‘sees’ the position of other cars, enabling vehicles to travel in clusters to save energy when they share a travel path. But this means sharing data vividly, and it creates a hefty attack vector. If the data is not anonymised, this could be used to track a person and their behaviour. EVs have complex system software that take care of many aspects of driving. If for whatever reason hackers gain access to the security codes your EV’s system, they could gain access to your personal information and can control of some functions remotely.

The good news is complex firewall systems will prevent the car from being taken over totally. EV hacking can affect functionalities like driver-assistance or the infotainment system. If your car computer has passwords or banking information on, that would be susceptible to hacking as well.

Attacks on infrastructure such as on satellites could affect EVs that depend on them. From another perspective, the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.  This points to the operational security of EVs being more of an infrastructure issue, with the potential for power grids to be shut down.

From car manufacturers’ perspective, reputational and financial damage caused by a competitor or other actor is a more likely risk. Vulnerabilities could be exploited to cause comparatively minor operational issues affecting a vehicle’s charging, efficiency or range.  To manage this risk, manufacturers need to secure their supply chains and ensure the security of third-party vendors. This also presents an opportunity to gain competitive advantage through demonstrating credentials as the secure option.

Cyber security is an essential enabler for the rise of EVs and trust is a central feature to realising rapid growth in EV and all stakeholders need to trust that EVs are secure.

  • Drivers need to trust that EVs will have the range to get them to their destination and that they will have access to charging infrastructure. 
  • Manufacturers need to trust that supply chains can keep up and that supportive policies will continue. And policymakers need to trust that EVs are sustainable and contributing to societal aims like reducing emissions and local pollution. 

Cyber attacks on EVs are unlikely to bring roads to a standstill but we must be mindful of threats to related infrastructure and supply chains, as well as safeguarding personal data.

EV manufacturers should dedicate more effort to cyber security from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure, on and off the road.

RUSI:    IEEE Spectrum:   Goldsteram Gazette:    DNV:   Nevada Today:     BBC:    Wired:    EVHub:   

Image: A Krebs

You Might Also Read: 

Connected Cars - What  Does Your Car Know About You?:

___________________________________________________________________________________________

If you like this website and use the comprehensive 6,500-plus service supplier Directory, you can get unrestricted access, including the exclusive in-depth Directors Report series, by signing up for a Premium Subscription.

  • Individual £5 per month or £50 per year. Sign Up
  • Multi-User, Corporate & Library Accounts Available on Request

Cyber Security Intelligence: Captured Organised & Accessible

 

« The Expensive Costs Of HIPAA Noncompliance & How To Avoid Them
The Israeli-Hamas Conflict Shows Cyber Warfare Is The New Normal »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

Cyber Security Supplier Directory

Cyber Security Supplier Directory

Our Supplier Directory lists 6,000+ specialist cyber security service providers in 128 countries worldwide. IS YOUR ORGANISATION LISTED?

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

MIRACL

MIRACL

MIRACL provides the world’s only single step Multi-Factor Authentication (MFA) which can replace passwords on 100% of mobiles, desktops or even Smart TVs.

High-Tech Bridge

High-Tech Bridge

High-Tech Bridge SA is a Swiss MSSP provider offering security auditing, source code review and computer forensics.

VNT Software

VNT Software

VNT's vision is to change the way complex IT problems are resolved by predicting business disruptions before they occur.

Nexis

Nexis

Nexis GmbH is a German IT security company specializing in IAM, access control, and risk management.

Austrian Trust Circle

Austrian Trust Circle

Austrian Trust Circle is an initiative of CERT.at and the Austrian Federal Chancellery and consists of Security Information Exchanges in the areas of the strategic information infrastructure.

Keepnet Labs

Keepnet Labs

Keepnet Labs is a phishing defence platform that provides a holistic approach to people, processes and technology to reduce breaches and data loss and presents anti-phishing solutions.

Cyber NYC

Cyber NYC

Cyber NYC is a suite of strategic investments to grow New York City’s cybersecurity workforce, help companies drive innovation, and build networks and community spaces.

C11 Cyber Security & Digital Innovation Centre

C11 Cyber Security & Digital Innovation Centre

C11 is working with local and national partners to develop talent and bring brilliant minds and brilliant businesses together.

IT Band Systems

IT Band Systems

IT Band Systems is an international provider of IT products and services including web server monitoring and web security consulting.

ConnectWise

ConnectWise

The Unified ConnectWise Platform offers intelligent software and expert services to easily run your business, deliver your services, secure your clients, and build your staff.

Bytes Technology Group

Bytes Technology Group

Bytes is a leading provider of world-class IT solutions. Our growing portfolio of services includes cloud, security, licensing, SAM, storage, virtualisation and managed services.

LogicMonitor

LogicMonitor

LogicMonitor provides SaaS-based IT infrastructure monitoring services for on-premises and multi-cloud environments.

ExtraHop

ExtraHop

ExtraHop's dynamic cyber defense platform uses cloud-scale AI to help enterprises detect and respond to advanced threats - before they compromise your business.

Sentryc

Sentryc

Sentryc provides automated monitoring of brands on online marketplaces and social media making online brand protection processes faster, more clearly structured and more efficient.

GoodAccess

GoodAccess

GoodAccess is the cybersecurity platform that gives your business the security benefits of zero trust without the complexities so your users can securely access digital resources anytime, anywhere.

Marlink

Marlink

Marlink smartly integrates hybrid, future-ready network solutions so you can benefit from the best available connectivity and IT to accelerate your digitalisation and empower your remote operations.

Blue Cloud Softech Solutions

Blue Cloud Softech Solutions

Blue Cloud Softech propels inspiring digital transformations. We provide AI products, cybersecurity, healthcare technology, and cloud solutions.