Research funded by the U.S. Department of Energy (DOE) is bringing the cybersecurity picture for EV charging infrastructure into focus.
Researchers at Sandia National Laboratories have been studying vulnerabilities in charging infrastructure for the past four years alongside other federal facilities, according to a Sandia press release, and recently published a paper with their findings.
"Electric vehicle charging infrastructure has several vulnerabilities ranging from skimming credit card information—just like at conventional gas pumps or ATMs—to using cloud servers to hijack an entire electric vehicle charger network," the release said.
2023 Nissan Ariya at EVgo charging station
Researchers looked at different types of interfaces, including vehicle-to-charger connections, wireless communications, cloud services, and charger maintenance ports for both AC and DC chargers.
They reportedly found vulnerabilities for each interface type, including the ability of hackers to intercept vehicle-to-charger communications from more than 50 yards away. Argonne National Laboratory researchers found that not all chargers had adequate firewalls to block incursions, while Idaho National Laboratory researchers found that some systems were vulnerable to malicious firmware updates. Charger maintenance ports could also allow for reconfiguration of a system, giving hackers access to an entire charging network from one unit.
Software vulnerabilities in some chargers have shown that they can be hacked, but so far the hacking has been limited to nuisance stunts. The grid could also be affected by vulnerabilities in charging stations, but it would be a very difficult attack for hackers to pull off, according to researchers.
Tesla charging (Courtesy of Tesla, Inc.)
To prevent that, researchers are recommending strengthened security measures, such as stronger authentication and authorization protocols for EV drivers using charging stations, as well as tamper-proofing of hardware.
EV charging cybersecurity has been discussed frequently, but with few clear conclusions. The White House Office of the National Cyber Director held a forum earlier last month on the subject. Otherwise, many of the reports on charger security up until now have been conducted by companies with some financial gain—like a security service to sell.
Tesla has for years challenged hackers to find issues with its vehicles. That's not an approach that charging hardware makers or charging networks have taken.