Cyberattacks to electric cars have increased by 380%, with a methodology focused on disrupting the proper functioning of their charging stations and the functions of the vehicle itself, as well as stealing data stored in them.
More and more people are opting for electric cars, whether for innovation or environmental reasons. According to the Economic Survey 2023 in India, it is predicted that India’s Electric Vehicles Market will grow to a CAGR of 49% between 2022 and 2030, with an expected 10 million in annual sales by 2030. Electric Vehicles were also mentioned during the recent Union Budget 2023, where a budget allocation of Rs 35,000 crore was made for crucial capital investments aimed at achieving energy transition and net zero targets by 2070.
As electric cars implement more technological advances and become more connected, the risk of a cyberattack increases. The safety of drivers and the integrity of all the data they generate are at stake. Cybercriminals are always up to date with every attack formula and that, like them, it is imperative that the industry implements certain changes to prevent them. To achieve this, it is important to be aware of the current risks associated with electric vehicles. For this reason, Check Point Software would like to highlight the three entry points for a cybercriminal for electric cars:
- Remote vehicle hijacking: Imagine you are behind the wheel of an electric car, calmly enjoying your drive, and suddenly you lose control of the vehicle: it slows down, the steering wheel spins out of control, or the engine accelerates without you stepping on the gas pedal. An invisible driver has taken control of the vehicle without you being able to do anything. While it may sound like a fantasy from a fictional movie, this situation can become a reality. As electric cars become more automated and connected, they become more vulnerable to cyberattacks. Cybercriminals with advanced knowledge can exploit vulnerabilities in the car's electronic systems to take remote control, using methods that sound like something out of a spy movie.
- Potential threats at charging stations: Threats at EV charging stations are a critical aspect of cybersecurity that often goes unnoticed, so it is imperative to go to secure and trusted locations.
- Compromised charging process: when a user charges their electric vehicle, they may be at great risk, as attackers could attempt to manipulate the process: changing the charge level, interrupting the charge, or even causing damage to the batteries, which could significantly reduce the life of the vehicle and increase maintenance costs. In addition, these points may be fake, as cybercriminals could set up fake charging stations with the sole purpose of compromising your vehicles or stealing your personal information when connected.
- Beware of personal data: smart charging stations can collect information such as payment details, charging patterns and locations. If these stations do not have adequate security measures in place, cybercriminals could gain access and use it for identity theft or financial fraud.
- Malware on the road: attackers could gain access to the station and use it to distribute malware to connected EVs, allowing them to gain access to the vehicle's electronic systems.
- Malicious connections: charging stations are connected to networks, which means they are often connected to online payment systems. Denial of Service (DDoS) attacks could be infiltrated with malicious traffic, causing service disruptions and inconvenience to users.
- Malicious disruption of connectivity: autonomous vehicles rely heavily on communication between themselves and the road infrastructure. These connections allow them to share information about traffic, weather, and other driving factors. However, this reliance opens the door to cyberattacks that can have dire consequences, as by manipulating data transmissions, an attacker could trick vehicles into making poor decisions. A communication failure affects not just one vehicle, but other connected vehicles on the road, and can be a vulnerability that cybercriminals exploit to create confusion and traffic jams.
Check Point believes that climate change and the need to reduce our dependence on oil underline the imperative to migrate to greener forms of transportation. Concerns over cybersecurity could be another obstacle to the future growth of the electric vehicle market, so it is vital that the industry takes the threat seriously.
To keep an electric vehicle safe, it is important to keep software up to date, avoid public Wi-Fi connections, use strong passwords, and monitor the vehicle for unusual behavior. Drivers should also report any problems to the manufacturer. When using charging stations, always verify the authenticity of the station, and use secure connections. EV manufacturers should ensure the use of secure software with security built into the software, hardware deployment operations and the principle of ‘least privileged’ to restrict access to the software being used. On the other hand, it is highly recommended to monitor transactions and report any suspicious activity.
"The future of connected and electric vehicles is exciting, but it also presents significant security challenges”, said Sundar Balasubramanian, Managing Director at Check Point Software Technologies, India & SAARC. He further stated, "Addressing these and emerging challenges and ensuring secure deployment is essential to reap the full benefits of this emerging technology".
Author: Sundar Balasubramanian, Managing Director, Check Point Software Technologies, India & SAARC