The dark side of the electric mobility revolution: charging stations under the threat of cyber attacks
Pornography broadcasts, political slogans and potential damage to power grids – what else can hackers do with gas stations?
Electric vehicle charging stations have become a new target for hackers who are using them to spread political slogans, pornography and other unsolicited messages.
So, in June of this year, in the United States, one of the drivers of the electric Kia EV6 discovered on the network charging station screen electrify america meme with President Biden. In Russia, a year and a half ago, supposedly Ukrainian cybercriminals hacked charging stations along the Moscow-St. placed opposition slogans on them. At about the same time in England, intruders forced public charging stations broadcast pornography.
So far, these attacks have not caused tangible damage, but cybersecurity experts warn that the consequences could be much more serious if hackers are serious about hacking gas stations. And the more they are installed around the world, the higher the risks.
In recent years, security researchers and white hat hackers have discovered many vulnerabilities in Internet-connected home and public chargers. They can expose customer data, compromise Wi-Fi hotspots, and even disrupt power grids.
“This is a serious problem. And it could be a real disaster for our country if we don’t get it right,” said Jay Johnson, an American cybersecurity researcher from Sandia National Laboratories.
When a British security research firm Pen Test Partners spent long exhaustive analysis seven popular charging station models in the UK, she found that five of them had critical flaws. For example, experts have identified a software bug in the network chargepoint, which hackers could use to get sensitive user information. And charging stations distributed in the UK by the company Project EVand at all some time ago they allowed third parties to overwrite their firmware.
Such vulnerabilities could, according to experts, allow hackers to access car or credit card data of network customers. But the most troubling shortcoming discovered was the ability for hackers to arbitrarily stop or start charging at their discretion, which could well be used to eliminate a large network of charging stations at once. Not to mention the fact that the owners of electric vehicles themselves will be left without charging and may be stuck outside the house for a long time.
In addition, if hackers can activate thousands of chargers at the same time, it could destabilize and even completely disable the electrical networks in entire cities. Which, of course, already looks like a targeted terrorist act, rather than a simple hacker attack.
“We have inadvertently created a weapon that aggressor states can use against our electrical grid,” said a spokesman for Britain’s Pen Test Partners.
The main recommendation from experts to consumers is not to connect their home chargers from electric vehicles to the Internet, which should prevent the exploitation of most vulnerabilities. However, the bulk of the protective measures still have to come from manufacturers.
Although the Pen Test Partners team said that after specialists discovered vulnerabilities in a particular network of electric filling stations, companies reacted to them quite quickly and closed them most often within a day, the nature of the identified vulnerability will not always allow it to be eliminated quickly. And in general, it seems that charging stations for electric vehicles are clearly not the kind of industry in which such fatal flaws in security systems are generally acceptable.
“Our critical infrastructure must meet a basic level of security and resilience,” said Harry Kreisa of the US Office of the National Director of Cybersecurity. He also said that strengthening cybersecurity in the field of electric vehicles is not only about reducing risks, but also about building trust. Only secure systems, he says, provide confidence in next-generation digital platforms.