Partner content
Battery electric vehicles (BEVs) remain a serious cybersecurity risk
As battery electric vehicles join the global fleet, questions of security have increasingly been raised, particularly in relation to how vulnerable they will make the electric infrastructure that fuels the cars and, in some cases, takes power from them.
Warnings have already been sounded about the potential risks of charging but few of these of these warnings were based on actual hands-on experience. Ken Munro, a founder of the cyber-security firm Pen Test Partners, and his team were among the first security specialists to investigate existing vulnerabilities in the charging process by trying to hack into it. Munro said that they looked at smart chargers after the UK government had made them mandatory for all BEVs. “That was a big step,” he said. However, it created immediate security issues because many manufacturers rushed to make their EV chargers smart.
“That’s a big ask of a business that is used to making electrical components to very quickly understand cyber-security,” he said. “You have to have expertise in mobile apps, in APIs, in cloud computing, in cellular connections and in the embedded systems to enable the smarts in the charger. It’s a big ecosystem.”
The team spent 18 months investigating the security of smart chargers produced by six different manufacturers and also reviewed the security of some public charging networks.
“We discovered that a number of these manufacturers made mistakes – between them, about every mistake you could make,” Munro said. “Some were a disaster and actually dangerous, others created backdoors into your home network, so that by putting in place an EV charger you actually expose the cyber-security of your home and others created opportunities for hackers to destabilize our power grids.”
The risk was exclusively to the grid side of the charging process, rather than the vehicle – except when a breach prevented the car from charging. “There is very basic communication between the car and the charger but it’s not a conduit into the vehicle,” he explained. “I don’t think anyone has proved it yet.”
In some of the smart chargers they investigated, the company was able to take full and remote control of every charger on that manufacturer’s platform.
To read the complete article, visit IoT World Today.
