Electric cars will be a frequent destination in the near future. Automotive companies have already arranged their production on these vehicles. As the number of electric cars on the road increases, so does the need for electric vehicle (EV) charging stations and Internet-based management systems at these stations. But these management systems face their own problems. We can call this as “The Risk of Cyber Attack on Electric Vehicles”.
Researchers shed light on the vulnerabilities of these cyber systems and also suggest measures to protect them from harm.
Systems built into electric cars handle critical tasks over the internet, including remote monitoring and customer billing, as do an increasing number of internet-enabled EV charging stations.
The researchers wanted to explore the real-life effects of cyberattacks on EV charging systems and how to use cybersecurity measures to mitigate them. His team also evaluated how exploited systems could attack critical infrastructures such as the power grid.
Associate Professor Bou-Harb says, “Electric vehicles are the norm today. However, management stations are vulnerable to security exploits,” he said. “In this study, we sought to uncover security weaknesses and understand the implications for electric vehicles and the smart grid while making recommendations for proactive safety improvement and sharing our findings with the relevant industry.”
How Safe Are Electric Vehicle Charging Stations?
The team identified 16 electric vehicle charge management systems, which they divided into separate categories such as firmware, mobile and web applications. They did an in-depth security analysis on each of them.
During this project, the team developed various security measures, guidelines and best practices for developers to mitigate cyber attacks. They also created countermeasures to fix each vulnerability they find.
To prevent a mass attack on the electrical grid, the researchers recommend that developers fix existing vulnerabilities, as well as take initial security measures during the manufacture of charging stations.
“We developed a system search and aggregation approach to identify multiple EV charging systems, then used reverse engineering and white/black-box web application penetration testing techniques to perform a comprehensive vulnerability analysis,” explains Bou-Harb.
The team discovered a number of vulnerabilities across 16 systems and highlighted the 13 most serious vulnerabilities, such as incomplete authentication and cross-site scripting. By exploiting these vulnerabilities, attackers can cause various problems, including manipulating the software or disguising themselves as real users and gaining access to user data.
According to a recent report by the researchers, “While it is possible to perform different attacks on various units in the electric vehicle ecosystem, in this study, we focus on investigating large-scale attacks that have a severe impact on the compromised charging station.
“Many industry members have already acknowledged the vulnerabilities we uncovered,” Bou-Harb said. This information will help strengthen these charging stations against cyberattacks to protect the public, making recommendations for future security solutions in the context of electric vehicles and the smart grid.”
The researchers plan to continue analyzing more charging stations to better understand their safety postures. They are also working with various industry partners to help shape new security products from the design stage and develop security resilience measures that protect vulnerable charging stations from exploitation.
Source: Computers & Security