With the world making strides to become more eco-friendly, electric vehicles (EVs) have sprung into the mainstream vehicular market. Companies like Tesla, Rivian, Lucid, General Motors and Nissan have emerged as front-running innovators of this technology.
The aim is to make vehicles that are energy efficient and high-performance and that produce less emissions. They also contain technological capabilities like internet access, touchscreens, high-resolution displays and operational safety features – such as backup cameras, lane detection or anything else that aids in driver safety. In 2021, the United States reinforced this innovation by releasing the Bipartisan Infrastructure Deal, including $7.5 billion for building a network of EV charging stations.
However, with the emergence of these new technologies, internet-enabled cars, connected vehicles and the concept of smart cities, it is anticipated that we are also going to see an exponentially increasing number of cyberattacks.
Computer Science Professor and Cybersecurity Center Executive Director Shamik Sengupta, Electrical Engineer Assistant Professor Poria Fajri and graduate students Tapadhir Das and Suman Rath discuss the vulnerabilities of EVs and how people can be proactive about protecting the cybersecurity of their cars.
Can electric vehicles be hacked?
In 2022, a 19-year-old tech security specialist successfully hacked into 25 Tesla EVs in a dozen countries using a third-party software application called TeslaMate to access vehicle data and control. In 2020, a researcher at KU Leuven discovered a method to overwrite and hijack the firmware of Tesla Model X key fobs, allowing anyone to steal any vehicle running outdated software. In addition to the EVs, another primary target is the EV charging stations.
Research from Sandia National Laboratories investigated multiple attack vectors and vulnerabilities on these stations and found many areas where existing systems can be compromised. Common impacts could include disabling and intercepting vehicle-to-charger communication, system reconfiguration through compromised Wi-Fi or USB ports, or gaining local access allowing the hacker to jump from the charging station to the whole charger network through the cloud.
Fortunately, careful operational practices and early focus on security from the researchers, manufacturers and users can help alleviate the risks of cyber-attacks on EVs and their infrastructures. From the development side, solutions to protect against cyberattacks can include early vulnerability assessments, penetration testing (pen-testing) and shielding. In pen-testing, security mechanisms are deployed to identify and correct vulnerabilities from access points. Shielding entails the creation of a secure infrastructure surrounding vehicle-to-charger communication, consisting of security measures that can identify malicious traffic. From the manufacturer’s side, the focus should be securing onboard diagnostic ports, protected software updates, better firewalls and reliable hardware.
According to AT&T Cybersecurity, some basic mitigation techniques can help EV users ensure vehicle protection. Some of these tips include things like being aware of software updates, use of wireless services, protecting key fobs and removing cords when the car is not in use.
Dongles in the diagnostic port can be an entry point for hackers. Users should take out dongles when not driving the EV to reduce the attack space for hackers.
EV users should also protect their fobs. Hackers can intercept wireless fob signals to trick the car’s perception of the location of the fob. For security purposes, users should store the fob in a metal drawer to attenuate the fob’s signals when unused.
Wireless services in a car can also be a point of entry. To provide security, users should disable seldom-used wireless features. This reduces the attack surface and limits the impact of an attacker’s interference with the vehicle.
To protect against software vulnerabilities, EV users must download official software from trusted brands using a secure network. The users must also ensure that all vehicle and charger software is up to date.
EVs are a trending technology to make modern vehicles more connected, safe, convenient, energy-efficient and eco-friendly. However, they can get compromised by cyber-attacks. Therefore, EV manufacturers should dedicate more effort to cybersecurity from multi-dimensional perspectives to design, build and maintain next-generation smart and connected systems. Simultaneously, users should be aware of proactive measures that can protect their vehicles and stay informed about how to keep their EVs secure when on and off the road.