Electric vehicles and charging stations are the new attack vector

Unfortunately, in 2023, we have become accustomed to news of new cyber attacks. Hospitals, banks, retail stores, individual people – everyone is vulnerable.

The task of the information security industry is to fix the problem before it occurs. A great example of this is the upcoming onslaught of electric vehicles (EVs), self-driving cars, EV charging stations, and related cloud services. It is clear that this is the future. But it is also clear in advance that this entire infrastructure is a fat target for hackers.

“Within a decade, electric vehicles will become an almost mandatory mode of transport around the world,” writes Lila Kee, CEO of GlobalSign Americas Operations and Chief Product Officer of the company, in a column for Forbes magazine. “If the governments of the countries of the world do not radically change their policies, then soon we will all be driving EVs.”

By 2030, American roads are expected to have more than 26 million electric vehiclesbut even America not the biggest market.

Tens of thousands of charging stations will be built to power them. In the report S&P Global Mobility January 2023 saysthat by 2025 the US needs to quadruple its charging infrastructure and more than eightfold by 2030.

Tesla has a huge network of charging stations, but it’s not enough. New businesses will emerge to meet demand. But will cars and charging stations be safe? This issue is now receiving more and more attention. By words Sunil Chhaya, Senior Transportation Technician at the Electric Power Research Institute, “Hackers are everywhere, and the growth of the EV ecosystem is increasing the temptation to make money or otherwise gain.” 2022 attack on Russian charging stations And white hat attack on German Tesla charging stations add concerns about the security of this infrastructure.

According to experts, for the ecosystem of charging stations, it is necessary to increase the security of transactions between key components, which include the electric vehicles themselves, EV stations, power grids and the data transmission network. In this case, technologies that meet the following requirements should be used:

Strong authentication and encryption between end points. This is what digital certificates are for as part of a public key infrastructure (PKI). Deployment and management of certificates is easy with cloud-based PKI solutions that manage the entire device identification cycle from manufacturing to deployment in the field. Implementing encryption and strong identification is critical to protecting data.

Authorization mechanism to access only authorized users and devices. There are a number of Identity, Access, and Management (IAM) solutions that ensure that internal and external user access rights policies are enforced. It is likely that IAM systems will be particularly useful for charging stations, allowing access to the charging infrastructure to be limited to those users who are entitled to it.

situational awareness and perimeter protection. Hackers can attack charging stations both virtually and physically. Therefore, perimeter protection – a combination of strategies and devices to create an impenetrable system – should be one of the priorities. Strong firewalls should be put in place to protect the boundary between private EV filling networks and the public network to prevent malicious data from infiltrating.

Fortunately, there has not yet been a spike in the number of attacks on existing EV charging stations. It remains to be hoped that this trend will continue. But it is very important for practitioners to keep track of industry recommendations.

NIST NCCOE

Attacks on drones

Unmanned vehicles have become an additional target for intruders and vandals. In the absence of a living driver, new methods of attack appeared. For example, a Waymo self-driving car or Cruise can be disabled,

putting a traffic cone on his hood

. This knocks out the lidar – and the car is not able to move, because the machine vision does not work.

It is possible that Yandex and other unmanned vehicles are also affected by this vulnerability. Out-of-control vehicles can block traffic and create traffic congestion, endangering bystanders.

On social media, some activists who call themselves traffic activists urge to the installation of cones on unmanned vehicles in protest against the commercialization of transport. So drones “park” in safe places where they “do not threaten other road users.” Acts of vandalism are passed off as a public good.

It can be added that generative AI models have become a special target for hackers due to the hype of 2023. A special competition has been announced at the largest hacker conference DEF CON this year Generative Red Team Challenge on finding vulnerabilities in existing models (Hack The Future).