Electric vehicle networks could be vulnerable to high-tech hackers
EV hacks could include identity theft, remote control of cars, experts warn
More drivers than ever are taking to the roads in electric vehicles, and with that, the threat of widespread hacking has increased.
The growing demand for electric vehicles has led to the investment and creation of sprawling networks of charging stations in the United States and Great Britain. In particular, the Biden administration has committed $7.5 billion to install a network of 500,000 chargers. These networks, however, open the door to digital vulnerabilities.
These hacks, according to cybersecurity and industry experts, could be as simple as stealing electricity or credit card information, or as complex as remotely taking control of thousands of machines and impacting the grid by causing blackouts.
"As the electric vehicle charge infrastructure grows, there is huge demand upon our power systems and also getting cybersecurity right," Ken Munro, a founder of Pen Test Partners, told Fox News. "So, the bigger these fleets of chargers are, the more potential there is for vulnerabilities."
Munro said these vulnerabilities are particularly present in chargers manufactured by companies not affiliated with automakers. For instance, chargers made by Ford or Tesla are less likely to be hacked than ones made by other companies. In a demonstration Munro gave Fox News at his Pen Test Partners headquarters outside of London, he showed how easy it is to hack several third-party chargers.
One charger made by a Chinese manufacturer and rebranded for the U.K. market was particularly easy to take control of. If a hacker knew the short serial number on the outside of the plastic casing, they could go up or down by a single digit to take control of other chargers by the same manufacturer. In doing so, they could potentially gain access to hundreds of chargers.
Munro said this access to mass chargers could impact the grid if the hacker turned them all off and on again at the same time during peak usage hours, overloading the grid and potentially causing blackouts.
WALMART SAYS ITS ELECTRIC VEHICLE CHARGER NETWORK IS IN WORKS
"It's not about turning off one charger," Munro said. "It's about turning them all off and on together. And that will create spikes on the power grid enough at times of peak demand to trip the grid out. So these charges, if they haven't been secured properly, create a weapon that others can use against our countries."
These threats in both countries are exacerbated by a grid that is already surprisingly vulnerable when demand is highest. The United States in particular regularly faces the risk of blackouts during extreme weather events in much of the country.
In the U.S., Pete Nicoletti, a field chief information security officer for Check Point Software Technologies, underlined the threat unsecured chargers pose to the already vulnerable grid.
"At the intersection of the EV chargers to the grid, that's where the grid providers really need to look at protecting themselves from a potential grid impact [by] making sure that the design is appropriate," he told Fox News. "Very low-tech types of attack are successful against our grid, the same types of low-tech attacks against chargers and the grids and the substations that supply them are quite easy."
EV TAX CREDIT ELIGIBILITY TO BE REDUCED IN THE COMING MONTH
Nicoletti has a background in white hat hacking, which is when hackers use their skills to find weaknesses in technology so manufacturers can address them before they are used for ill-gotten gains. He said hackers can gain access either through physical manipulation of the individual chargers, or through unencrypted or unsecured wireless connections between the chargers, the vehicles and the internet.
"The minute you start having these chargers distributed out there, they’re not physically secure. It’s not like a gas station," he said. "Any hacker knows if you have physical access to a device, you own that device."
Governments are able to counter any potential damage hackers could do with access to electric vehicle charging networks by mandating stringent cybersecurity regulations on the chargers and networks themselves. Zach Supalla, the founder of internet connectivity company Particle, told Fox News the wheels of regulation are already turning in the United Kingdom.
"The U.K. is kind of out front and trying to apply good regulations about security, reliability, uptime, things like that. In general, those regulations are good," Supalla said. "... This is likely to be an example where the U.K. is the first ones there, kind of establishing a norm that'll probably get adopted more widely in Europe. And then at some point potentially in the U.S."
Supalla said the security issues, especially among third-party charger manufacturers, are not their forte.
EUROPEAN UNION BANS SALES OF CO2-EMITTING CARS BY 2035
"It’s not massively expensive, but it’s not necessarily the skill set of a lot of these manufacturers," he said. "So typically the reason that a lot of products tend to have security issues isn’t because the company doesn’t want to spend the money. It’s because they are not security experts."
Of the guidelines that would protect against most hacks and vulnerabilities, Nicoletti said the government could mandate charger manufacturers meet the standards they set for themselves. These cybersecurity standards protect against most attacks.
GET FOX BUSINESS ON THE GO BY CLICKING HERE
The biggest thing, beyond stricter regulations, is cooperation and coordination between people in charge of the grid and internet infrastructures, the manufacturers of the chargers and the government bodies that watch over all of it.
"It's a whole ecosystem of people that need to work together to make sure that those security standards are in place," Nicoletti said, "and I'd rather see it sooner rather than later, because we need to head towards this more secure world rather than the Wild West as it is right now."