© 2023 PDN Cyber Security Consultant. All rights reserved.
The popularity of electric vehicles has been increasing over the past decade. Growing environmental awareness and the desire to reduce greenhouse gas emissions are encouraging many users to purchase such a car. However, with this transition to greener, more modern transportation has come a new threat that we don’t necessarily think about: the piracy of electric vehicles and charging stations. This new phenomenon is causing growing concern among manufacturers, charging station operators, and end users alike. In this article, we explore the vulnerabilities that make these technologies susceptible to piracy and the associated risks.
In addition to being a cleaner alternative to traditional combustion vehicles, electric vehicles incorporate advanced technologies that improve quality of life, such as connectivity, automation and driver assistance systems.
These include sophisticated IT systems that control battery management and engine performance, as well as safety, navigation and communication functions. These systems, connected through mobile applications or online platforms, can become prime targets for hackers. Unauthorized access to these systems could make it possible to manipulate critical vehicle functions, such as disabling safety systems, changing driving parameters, or even stealing the vehicle itself.
The main threats to these vehicles are:
Electric vehicles are often connected to the Internet and can be tracked remotely. A hacker could exploit these connections to remotely locate, lock, or even start a vehicle in order to steal it or hack personal information.
Theoretically, a cybercriminal could disable anti-theft or safety devices, or even manipulate braking or steering systems to cause an accident. So far, however, all reported incidents of this type have involved the vehicle owner providing login credentials or taking control of his or her application.
Electric vehicles are often equipped with wireless communication systems such as Bluetooth, Wi-Fi or 4G/5G. These connections can be exploited by hackers to intercept sensitive communications between the vehicle and remote servers, enabling the theft of personal data such as navigation, payment or driving history information.
The batteries in electric vehicles are a key element in their operation and performance. A cyber attack could alter their state of charge, affect their operation, or even cause premature degradation. This could not only affect vehicle performance, but also compromise driver safety.
Modern charging stations are often connected to remote management networks that allow operators to monitor and control charging stations. While these remote connections are useful, they can also be entry points for cyber attacks. If charging stations are not properly secured, they can be compromised and used to harm users or infrastructure.
Charging stations provide energy to electric vehicles. As such, it is theoretically possible to manipulate the system to change charging rates, bypass payment, or even divert energy.
As with any IT system, it is also possible to introduce malware into the charging station management system, which could not only disrupt the proper operation of the charging stations, but also infect other devices connected to the network, including the electric vehicles themselves.
Charging stations are often connected to online payment systems and databases that store personal information. Hacking into these systems could compromise sensitive information such as users’ bank details or personal contact information. This poses a significant risk to user confidentiality and security.
Hackers could also use charging stations as an entry point for Distributed Denial of Service (DDoS) attacks by taking control of multiple charging stations.
It seems that some vehicles are harder to hack than others. All new Tesla models, the most famous and best-selling brand of electric vehicles, are regularly presented at hacker conventions. In 2022, the Tesla 3 was hacked in less than three minutes, and the hack targeted a key feature: remote start. In January 2024, Tesla participated in the Tokyo Pwn2Own, where hackers also managed to penetrate the system, but this time only in less critical elements: the entertainment system and the charging station.
Entire teams of “white hat” hackers – benevolent hackers who try to find vulnerabilities in a wide range of products to help manufacturers fix them – are now working on these problems. It appears that manufacturers are taking these issues seriously and are taking an active interest in making sure that the risk is minimized as much as possible.
Come back in mid-December for our last article of 2024, when we’ll discuss how best to avoid falling victim to these attacks. In the meantime, if you have a film, series, software or e-book to protect, don’t hesitate to call on our services by contacting one of our account managers; PDN has been a pioneer in cybersecurity and anti-piracy for over ten years, and we’re bound to have a solution to help you. Enjoy your reading, and see you soon!
Share this article
© 2023 PDN Cyber Security Consultant. All rights reserved.