Are Electric Cars Actually Easier to Hack?
Change can be scary. In the case of electric cars, it’s easy to imagine a future in which hackers can have their way with your EV—even manipulating how it drives. But the truth is that electric cars are not inherently more vulnerable to hackers than modern internal combustion vehicles. And despite automotive journalists’ best efforts to keep up with this rapidly evolving world of EV cybersecurity, early reporting exaggerates certain risks while failing to cover others.
Are electric cars easier to hack?
No. Electric cars are not inherently easier to hack. Their simple architectures may eventually make them more challenging to hack. But startups have fewer resources to devote to their early EVs’ cybersecurity than legacy automakers do.
Some have argued that electric cars run cybersecurity risks because they have an abundance of computers, receive software updates over wireless networks, and have fully electronic driving controls. But the truth is that almost every modern internal combustion car shares these same features.
When security experts hacked a Tesla to prove it could be done, they went in through the infotainment system. Obviously, they could have attempted the same attack on any modern car, whether an EV or ICE.
In fact, EVs have fewer complex parts and thus may prove less vulnerable in the long run. For example, shutting down a modern vehicle’s transmission control unit, engine control unit, or even its electric fuel pump would render it inoperable. But an EV’s powertrain consists of an electric motor attached to a battery. That’s it.
Brandon Barry is the founder and CEO of Block Harbor Cybersecurity which specializes in automobiles and has done extensive hands-on research with EVs. He said, “In general, EVs are mechanically simpler because they have less moving parts. In many cases, this has allowed automakers to centralize their EV’s electronic architecture which can make securing it easier. But make no mistake – more software and more electronics are entering into all vehicles, electric or not.”
Which EVs are the most secure?
You might want to think twice about which EV you choose. Block Harbor bought one of the first Mustang Mach-Es to study an EV that was “rushed to market very quickly.” Barry said, “In the end, there was nothing that was obviously skipped in the cybersecurity of the vehicle due to the transition to the EV. Ford did a pretty good job at ensuring that that EV inherited a lot of the cybersecurity efforts from the previous vehicles.”
But vehicles engineered by startups are more concerning. These smaller EV companies don’t have the same resources to dedicate to cybersecurity as legacy automakers. In the current industry, getting vehicles to market rapidly is critical to a startup’s success.
Barry warns, “Things like cybersecurity—that tend to slow down the development process and delivery of those vehicles—can be overlooked.”
Can you hack an electric vehicle charging network?
Yes. Hackers have already proven they can break into EV charging stations. Documented attacks only include messing with the display screens, but criminals holding a charging network hostage is a distinct possibility.
In a recent article, the Wall Street Journal speculated that hackers could load malware onto chargers to infect any EVs that plug in. While anything is possible, the Journal’s own sources are much more concerned about a different EV cybersecurity threat. The Electric Vehicle Charging Association said, “The security of our electrical grids is of critical importance as we transition to electric vehicles.” This is because if bad actors could hold a major charger network hostage, the disastrous consequences could be as far-reaching as the oil embargo of the 1970s.
Barry agreed, “I’m generally more concerned about the chargers themselves than someone moving laterally into the vehicle.”
Is it possible to infect an EV through its charger? Barry added, “The industry is viewing the charging system as already compromised. And they’re taking very defensive strategies against the charger port.”
Should you be concerned about your EV being hacked?
If you choose an automaker with a proven track record of good cybersecurity practices, there’s no reason to suspect your EV will be more vulnerable to a cybersecurity attack than a modern internal combustion car.
With technology changing rapidly, EV automakers are doing their best to adapt to an evolving cybersecurity landscape. And journalists are doing their best to report on the changes. But we don’t always get it right.
The aforementioned Wall Street Journal article states that “an internal-combustion luxury car can have about 150 electronic control units.” It then cites a cybersecurity expert who has no apparent automotive experience saying, “that’s nothing compared to the 3,000 chips that we’re seeing in the average EV.” But this wording misses that control units and chips are different things: an EV can also get away with 150 control units while a modern ICE can also have 3,000 chips.
Technical details aside, our tone when discussing such threats is critical. The WSJ article is typical in ending with a quote, “Sometimes we need a wake-up call,’’ suggesting things will get worse before they get better.
The less dramatic truth is that the industry does not need a wake-up call. Block Harbor works with multiple OEMs. Barry concluded, “There are global regulations going into effect that are really setting the bar for what the cybersecurity of vehicles should look like. And there’s not an automaker out there that’s not seriously looking at this, and ensuring that passengers aren’t going to be exploited.”
In the meantime, we can all seek to educate ourselves on automotive cybersecurity. We can also ask automakers and dealers about the security offered by new ICEs and EVs, sending a clear message that this is an important issue to us drivers.
Next, see our full interview with Brandon Barry, or learn more about how hackers might target charging stations in the video below: