A Hacker Could Steal Data from Your EV Charger in Under 10 Minutes
Pen Test Partners is a cybersecurity company tasked with breaking into the EV infrastructure. They take products like EV chargers and actually try to infiltrate them. This service exposes gaps in security and helps manufacturers prevent breaches before actual hackers get in. In a recent video, Pen Test Partners shows how quickly a hacker can steal data from your EV charger.
The video, embedded below, covers one of many modern cybersecurity threats connected to cars today.
Hackers might easily take over home EV chargers
Ken Munro co-founded the UK-based firm and quickly shows viewers how a home EV charger cover can be opened. It’s almost like a smoke alarm. A circuit board inside can be popped out. The board can then be read. The board can contain a bevy of personal data, including your wifi password.
With the wifi password, a hacker could infiltrate your home internet network and have a heyday on whatever other personal information they find, including your bank info.
The problem stemmed from home charger manufacturers pushing their products out as fast as possible. This left full-blown security measures in the dust. Several manufacturers have realized their flawed actions and made amends via new model versions or updated software. However, the hardware issues from legacy models or EV chargers that remain un-updated could still pose a security risk.
What’s more, hacking might not stop at individual chargers.
How can EV charger hackers enter the power grid?
Munro says that sophisticated hackers can technically coordinate networks of EV chargers and cause thousands of electric cars to either start or stop charging at once.
One Pen Test Partners exercise involved simulating such a security breach. “We’ve created attacks that could be used to switch thousands and thousands of EV batteries at once,” Munro explains. “That could cause power spikes on the grid, which could cause blackouts.”
But how would they do it? One EV charger manufacturer used the serial numbers posted on the side of the unit as a credential to access its own software. Pen Test was able to take a single serial number and, because the serials were in numerical order, go up and down the line of neighboring identification numbers and hack into however many they wanted to.
According to Munro, if hackers are able to infiltrate an EV charger network remotely, they could potentially cause as many cars as they want to stop or stop charging simultaneously or even control the vehicles themselves.
It certainly sounds like something out of a science fiction film. However, the video also cites an NYU study from 2020 wherein a group of hackers accessed fewer than 1,000 chargers and were able to simulate taking down Manhatten’s entire power grid.
As EV charger manufacturers rush to fill the increasing U.S. demand, foreign cyber attack risk increases as security measures remain on the backburner over quick product release and delivery.
“The growing complexities of EVs and the networks they’re connected to makes protecting them from attacks even harder,” says Munro. “You have more lines of code in your vehicle than there were used in the rockets that went to space. There’s just this enormous attack surface.”