Last year Americans purchased slightly less than 200,000 electric vehicles which are supported by approximately 47,000 US charging stations, according to Statista. The growth rate of electric vehicles is high and shows no signs of slowing down.
But with this growth comes a new threat: cyber-attacks on charging stations. Today’s charging stations supply around 100-150 kw of power, but as rapid-charging technology evolves, these numbers will rise to 350 kw or more. Higher power can lead to increased danger if mishandled, accidentally or maliciously.
Imagine a scenario where an attacker hacks into a connected charging station and tampers with the mechanisms for stopping the charge once the car battery is full. The battery, the car itself or even the occupants could be injured by the grossly overcharged battery.
The US Department of Energy has imagined scenarios like these and recently provided a grant to a group of researchers, including OnBoard Security, to investigate possible attacks like these. Our team, led by Dr. Jonathan Petit, will be creating a threat model and vulnerability assessment tasks on battery electric vehicles (BEV) and electric vehicle supply equipment (EVSE). Jonathan and his team will also create a formally verified firmware update procedure for the EVSE using shared cryptographic keys between the BEV and EVSE.
Security threats can also result in an invasion of privacy. To address this challenge, the OnBoard Security team will conduct a Privacy Impact Assessment of electric vehicle- charger communication to determine if the data being used for billing or charging purposes could jeopardize the users’ privacy. If privacy is found to be at risk, they will design and implement privacy-preserving communication methods and submit these as recommendations to the relevant standardization bodies.
Attacks on electric vehicle ecosystems could harm drivers, passengers or passers-by. They could also damage the vehicle, the charging station or even the electric grid. The US DoE is being proactive in hiring our team to investigate these vulnerabilities and related threats. The result – a safer electric vehicle ecosystem for us all.