To avoid cyberthreats happening in the future on EV charging stations, it is necessary to take precautionary steps in this digital age
As the number of electric cars on the road grows, so does the need for electric vehicle (EV) charging stations and the Internet-based managing systems within those stations. However, these managing systems face their own issues: cybersecurity attacks. Image credit: UTSA
Having learned from the cyberattacks in the past, a lot has been since emphasised on protecting autonomous vehicle (AV) systems from such repeated threats. Better awareness is key to mitigating your vehicle’s systems from getting compromised and putting you in danger.
While certain challenges need to be overcome with respect to their widescale adoption, it is no doubt that electric vehicles (EVs), like AVs, are the future of modern transportation.
As and when the number of EV charging stations go up, efficient Internet-based managing systems within those stations will also be required. However, owing to unawareness, these managing systems can come under cyberattacks that can eventually rupture the entire EV charging mechanism including remote monitoring and customer billing.
“Electrical vehicles are the norm nowadays. However, their management stations are susceptible to security exploitations,” said Elias Bou-Harb, associate professor in the Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security and director of the UTSA Cyber Center for Security and Analytics.
To explore the real-life implications of cyberattacks against EV charging systems and how to utilise cybersecurity countermeasures to mitigate them, he and his team of experts delved deep to study how the infrastructure related to EV charging stations such as power grids get affected. To begin with, the team assessed different tools including firmware, mobile and web apps involved in the EV charging managing system.
“In this work, we endeavoured to uncover their related security weaknesses and understand their consequences on electrical vehicles and the smart grid while providing recommendations and sharing our findings with relevant industry for proactive security remediation,” said Elias Bou-Harb.
He further added, “We devised a system lookup and collection approach to identify a large number of EV charging systems, then leveraged reverse engineering and white-/black-box web application penetration testing techniques to perform a thorough vulnerability analysis.”
Upon analysis, the team discovered a range of vulnerabilities amongst the systems such as missing authentication and cross-site scripting, which can be exploited by attackers for firmware manipulation or for illegal access of user data.
By developing several security measures, guidelines and best practices for developers to mitigate cyberattacks, the team of experts suggested certain countermeasures.
To prevent a mass attack on the power grid, it is recommended that during the development phase of the EV charging mechanisms, existing vulnerabilities should be patched and adequate security measures are incorporated.
“Many industry members have already acknowledged the vulnerabilities that we uncovered,” Bou-Harb said. “This information will help immunise these charging stations to protect the public and provide recommendations for future security solutions in the context of EVs and the smart grid.”
To further analyse other areas of the EV charging ecosystem, the team is working with key industry players. This will help develop more robust and resilient security measures that protect vulnerable charging stations from exploitation.
Read here for more