EV charger attacks

As of the end of 2022, there were 2.7 million public charging points worldwide, with over 900,000 installed in 2022 alone. Globally, more than 600000 public slow charging points1 were installed in 2022, 360 000 of which were in China, bringing the stock of slow chargers in the country to more than 1million. At the end of 2022, China was home to more than half of the global stock of public slow chargers.

Europe ranks second, with 460 000 total slow chargers in 2022, a 50%increase from the previous year. The Netherlands leads in Europe with 117 000, followed by around 74 000 in France and 64 000 in Germany. The stock of slow chargers in the United States increased by 9% in 2022, the lowest growth rate among major markets.

Recently attacks on EV charging stations have made headline, in the media lets dive deeper in these stories, in general attacks on EV chargers can be categorized in cyber & physical attacks.

1. Copper Theft at Charging Stations:

Thieves      have targeted EV charging cables at rapid and ultra-rapid charging sites, stealing copper from the cables. This criminal activity has been reported      since November.

"The electric vehicle charging industry faces a growing threat from cable thefts. Experts warn that thieves are specifically targeting the copper within charging cables at rapid and ultra-rapid charger sites, with incidents dating back to November. Autocar reports that Instavolt, Britain’s largest operator of rapid chargers (which includes Osprey Charging and BP Pulse), has experienced 174 cable thefts across27 sites."

This criminal trend highlights the need for increased security measures to protect charging infrastructure and ensure uninterrupted service for electric vehicle owners. Copper prices, which have reached record highs, make these cables an attractive target for thieves. Charging companies are actively cooperating with law enforcement to address this issue and safeguard their networks.

2. Security Vulnerabilities and Hacks:

A cybersecurity report identified vulnerabilities in six home electric vehicle charging brands and a large public EV charging network.

These vulnerabilities could allow malicious hackers to hijack user accounts, impede charging, and even gain unauthorized access to the owner’s home network.

In Russia, EV charging stations along a major highway between Moscow and St. Petersburg were disabled by hackers protesting the country’s invasion of Ukraine.

In a 2021 report by UK cybersecurity firm Pen Test Partners, vulnerabilities were discovered in sixhome electric vehicle (EV) charging brands and a large public EV chargingnetwork. These vulnerabilities highlight the uneven regulation of Internet ofThings (IoT) devices, which are increasingly prevalent in our homes,workplaces, and vehicles.

Theaffected EV charging brands include Project EV, Wallbox, EVBox, EO Charging’sEO Hub and EO mini pro 2, and Hypervolt. Pen Test Partners found security flaws across these brands that could allow a malicious hacker to hijack user accounts, disrupt charging, and potentially use the chargers as a “backdoor" into the owner’s home network. It’s a reminder of the importance of robust cybersecurity measures as IoT devices continue to proliferate.

"The report highlights the potential consequences of a hack targeting public electric vehicle (EV) charging station networks. These consequences include theft of electricity, impacting driver accounts, and the ability to manipulate chargers by turning them on or off. Notably, several EV charger platforms have faced API authorization issues, which could lead to account takeovers and remote access to all chargers.

One platform lacked any API authorization, allowing a short, predictable device ID to grant full remote control over the charger. Additionally, some EV chargers, such as Wallbox and Hypervolt, utilize a Raspberry Pi compute module—a low-cost computer often used by hobbyists and programmers. This module enables easy extraction of stored data, including credentials and the Wi-Fi pre-shared key (PSK).

The risk of compromise remains low due to the need for physical access to the charger. While all successfully disclosed API and hardware vulnerabilities were addressed by vendors, Raspberry Pi hardware issues persist. Despite these challenges, the report emphasizes the urgent need for better security practices in the smart EV charger space. Manufacturers must prioritize basic API security and secure hardware choices to prevent fraud, disruptions, and potential destabilization of power grids."

This situation underscores the importance of robust cybersecurity measures as the EV charging infrastructure continues to expand rapidly. As more homes adopt EV chargers and public charging networks offer increasingly powerful charging capabilities, addressing security gaps becomes critical to ensuring a safe and reliable charging experience for users while safeguarding our power grid.

Sources:

Thefts of charging cables pose yet another obstacle to appeal of electric vehicles (msn.com)

‘Desperate times’: California thieves are cutting Tesla charging station cables to steal copper — here are 3 ways to profit from rising copper prices without the risk of going to jail (msn.com)

Thieves target EV charging cables at rapid charging sites in latest wave of car-related crime (msn.com)

The unexpected security threats posed by EV charging stations - TechHQ