Scientists from Sandia and other US National Laboratories “recently published a summary of known electric vehicle charger vulnerabilities in the scientific journal Energies.” The vulnerabilities range from payment card skimming to taking control of an EV charger network. The paper includes proposed fixes and changes to the EV charging infrastructure.
Note
- Remember that even the systems controlling good old gas pumps are still vulnerable. Why would anybody expect that companies will learn from old mistakes and do things “right” if they work faster and cheaper done vulnerable.
- This pretty much reads like early studies of the lack of security being built into Internet of Things. The good news is that funding to improve cybersecurity and safety overall of EV charging systems is included in the National Electric Vehicle Infrastructure Formula Program under the US Federal Highway Administration.
- While many of us consider the risk or EV charging from the perspective of load on the grid or power where the owner has the car parked, this report focuses on the technology behind that charging. Skim the paper to get a sense of all the technologies involved in EV charging. As such, the researchers were able to use low power SDR to interrupt the car charging, use RFID cloning to allow charging on someone else’s account, let alone exploiting insecure web interfaces discovered. This feels like the familiar story of time to market and cost to deliver versus security. The fixes aren’t unsurprising including securing access to physical ports, using proper encryption, removing unneeded services and keeping components updated. It is hoped that standards and best practices emerge from ongoing research between the Sandia, Idaho and Pacific Northwest National Labs. You may want to take a pause and reflect to see if you have projects which could benefit from increased attention to cyber hygiene.
- Cybersecurity has been both a board and executive leadership team focus area for several years. Any new product that is internet connected, has to be reviewed for security vulnerabilities prior to release; it’s part of the development cycle and factors into the risk management process. Cybersecurity best practices exist today—use them.
Read more in
- Review of Electric Vehicle Charger Cybersecurity Vulnerabilities, Potential Impacts, and Defenses
- Sandia studies vulnerabilities of electric vehicle charging infrastructure
- Shocker: EV charging infrastructure is seriously insecure
Alex Lim
Alex Lim is a certified IT Technical Support Architect with over 15 years of experience in designing, implementing, and troubleshooting complex IT systems and networks. He has worked for leading IT companies, such as Microsoft, IBM, and Cisco, providing technical support and solutions to clients across various industries and sectors. Alex has a bachelor’s degree in computer science from the National University of Singapore and a master’s degree in information security from the Massachusetts Institute of Technology. He is also the author of several best-selling books on IT technical support, such as The IT Technical Support Handbook and Troubleshooting IT Systems and Networks. Alex lives in Bandar, Johore, Malaysia with his wife and two chilrdren. You can reach him at [email protected] or follow him on Website | Twitter | Facebook
