Why weak security at electric car charging stations and flaws in outdated vehicle software causes personal data theft


If you’re driving an electric car, your biggest concern may be ‘range anxiety’ – worrying about whether you’ll have enough charge to reach your destination.

But another issue that you may not be aware of is the risk of cybercriminals gaining remote access to your vehicle and having your personal information stolen.

Jake Moore, a security specialist at ESET, said electric vehicles (EVs) run software with “flaws and weaknesses” that hackers can target.

Apps installed on the car’s software often ask for details such as email address, phone number and even credit card information.

So if they gain access to the vehicle (or charger), this personal information could be stolen and potentially sold to the dark web, leading to money loss, fraud, and more.

Is your electric car safe? Security issues surrounding electric cars and their infrastructure are multifaceted, experts explain – but still governments scramble to roll out the technology

By 2030, the British government plans to end sales of diesel and petrol cars in favor of electric cars, while the Biden administration has a $5 billion plan to create a new network of 500,000 electric charging points.

By 2030, the British government plans to end sales of diesel and petrol cars in favor of electric cars, while the Biden administration has a $5 billion plan to create a new network of 500,000 electric charging points.

In the UK, petrol and diesel vehicles are being phased out in favor of the technology, but Moore thinks security flaws in EV software are being overlooked.

“As companies and governments battle in the race to build and install charging stations, malicious actors are not far behind to exploit the potentially weak built-in technology,” he told MailOnline.

“So much new technology is designed with one thing in mind: speed of production, which is why security is displaced and devices are often riddled with current and future flaws.”

EVs are connected to the internet and receive updates ‘over the air’ – delivered over a wireless network – to update their software.

But like any other computer or smart device, an electric car is vulnerable to unauthorized access if it is not regularly updated or if it is running outdated software.

As demonstrated by a team of Belgian researchers with a Tesla, an electric car that does not have the latest software can also be unlocked and possibly stolen, if the criminal gets close enough.

Security issues surrounding electric cars and their infrastructure are multifaceted, experts explain, but this hasn’t stopped governments from racing to roll out the technology.

Pete Nicoletti, a researcher at security firm Check Point, agreed that unauthorized EV access is a threat, but a bigger problem is public EV chargers.

Hackers have already manipulated EV chargers to display pornography on their screens, but the potential security threats are worse.

EV chargers are connected to the internet, run on software and have displays like any other device.  Pictured is a BMW electric vehicle parked at a Volta EV charging station in Corte Madera, California

EV chargers are connected to the internet, run on software and have displays like any other device. Pictured is a BMW electric vehicle parked at a Volta EV charging station in Corte Madera, California

It is 'quite easy' for criminals to compromise EV chargers, says an expert.  View of a damaged electric car charging station on Rue de la Loge in Marseille, France

It is ‘quite easy’ for criminals to compromise EV chargers, says an expert. View of a damaged electric car charging station on Rue de la Loge in Marseille, France

Nicoletti said it’s “quite easy” to compromise EV chargers, which are connected to the internet, run software and have displays like any other device.

“All chargers are connected via the internet to their manufacturer for updates and other providers for billing,” Nicoletti told MailOnline.

Like a PC, chargers use firewalls – barriers that prevent someone from doing unauthorized web activity – for protection.

However, some chargers do not, making them vulnerable to cyber attackers with malicious intent and malicious software updates.

The chargers can also be physically modified, according to Nicoletti, who said criminals are “four screws away from touching the computer’s innards.”

“EV chargers use “open-source” computing platforms that have known compromises and access,” he told MailOnline.

They are usually unmanned and not monitored by cameras, nor are they “hardened” against physical attacks, such as an ATM for example.

Petrol and diesel vehicles are being phased out in favor of the technology, but security flaws in EV software may be overlooked (file photo)

Petrol and diesel vehicles are being phased out in favor of the technology, but security flaws in EV software may be overlooked (file photo)

Typically, EV drivers must pay to use a public charger by tapping a payment card against the machine, such as a contactless credit or debit card.

But just like ATM skimming scams, compromised EV chargers can cause your card details to fall into the wrong hands and unauthorized transactions to take place on your account.

In addition, users who regularly charge an electric vehicle may leave a data trail – a potential privacy risk.

When charging an EV, the user often provides an RFID card as proof of identity at the charging station, sending personal data into the system.

If the user is not anonymous and at the same time it is known which charging stations he or she has used, this information can be used to create a movement profile.

Cybercriminals can also make changes to an individual charger so that it provides free power when they want it, or access an entire network of chargers via the cloud to disable them.

Even more serious problems include the charger’s safety features being compromised as cars become overcharged and damaged, potentially leading to fires.

“The electronic control box that controls the flow of electricity to the car is vulnerable to physical and programmatic changes, modifications and compromises,” says Nicoletti.

“Compromises at this level can turn chargers on and off and affect the power grid, or overload the car, or otherwise damage the car’s batteries.”

Countries around the world are making efforts to ramp up the number of electric cars on the road so that gasoline vehicles can be phased out, citing health concerns due to their toxic tailpipe emissions.

By 2030, the British government plans to end sales of diesel and petrol cars in favor of electric cars, while the Biden administration has a $5 billion plan to create a new network of 500,000 electric charging points.

But the technology’s security threat may be overlooked and there will “definitely” be an increase in EV-related attacks in the future, Nicoletti said.

“More chargers equals more risk, especially if they are all from one manufacturer and the hackers find a vulnerability, which can then affect a large number of chargers at once,” he told MailOnline.

a study last year expressed “concern about the lack of adequate security considerations” in the design of EVs that have already been deployed.

EV drivers should ensure they have the most up-to-date software on their car and look out for chargers that look like they have been tampered with.

“Monitor your EV charging station manufacturer and the one you use in public,” Nicoletti said.

“Use a separate credit card for EV charging to easily monitor transactions and trade-offs.”

How environmentally friendly are electric cars REALLY? Experts reveal how they fare compared to petrol versions

Electric vehicles (EVs) are often touted as an environmentally friendly solution to the climate crisis, but one of Britain’s most famous motorcycle enthusiasts believes this is not the case.

In an article for the guard Published in June, comedian Rowan Atkinson says electric driving “doesn’t quite seem to be the panacea for the environment it claims to be.”

EVs are powered by lithium-ion batteries that require “a lot of rare earths” and huge amounts of energy to produce, he claims, citing research from Volvo.

Atkinson – who expresses his love of cars and has a degree in electrical and electronic engineering – said he feels “duped” by electric vehicles and thinks “keeping your old petrol car might be better than buying an electric car” .

MailOnline takes a look at some issues and speaks with experts to see if the green reputation of electric cars is really exaggerated.

read more