If you drive an electric car your primary concern may be ‘range anxiety’ – worrying if you’ve got enough charge to get to your destination.
But another issue you may not be aware of is the risk of having your vehicle remotely accessed by cyber criminals – and your personal data stolen.
Jake Moore, a security specialist at ESET, said electric vehicles (EVs) run software that have ‘flaws and weak points’ for hackers to target.
Installed on the car’s software are apps that often ask for details such as email address, telephone number and even credit card details.
So if they gain access to the vehicle (or the charger), this personal data can be stolen and potentially sold to the dark web, leading to lost funds, fraud and more.
Is your electric vehicle safe? Security concerns surrounding electric cars and their infrastructure are multifaceted, experts explain – but still governments are rushing to roll out the technology
By 2030, the UK government is planning to end sales of diesel and petrol cars in favour of EVs, while the Biden administration has a $5billion plan to create a new network of 500,000 EV chargers
In the UK, petrol and diesel vehicles are being phased out in favour of the technology, but Moore thinks security flaws in EV software may be getting overlooked.
‘As companies and governments fight in the race to build and install charging stations, malicious actors are not far behind looking to abuse the potentially weak on-board technology,’ he told MailOnline.
‘So much new technology is designed with one thing in mind – speed of manufacturing – and therefore, security gets pushed out and the devices are often left riddled with present and future flaws.’
EVs are connected to the internet and receive ‘over the air’ updates – delivered through a wireless network – to update their software.
But just like any computer or smart device, an EV is vulnerable to unauthorised access if it doesn’t receive regular updates or if it runs outdated software.
As demonstrated by a team of Belgian researchers with a Tesla, an electric car that isn’t running the latest software can also be unlocked and potentially stolen, if the criminal gets close enough.
Security concerns surrounding electric cars and their infrastructure are multifaceted, experts explain, but this isn’t stopping governments from racing to roll out the technology.
Pete Nicoletti, a researcher at security firm Check Point, agreed that unauthorised access to the EV is a threat, but a bigger issue is public EV chargers.
Hackers have already manipulated EV chargers to show pornography on their screens – but the potential security threats are worse.
EV chargers are internet-connected, run software and have display screens like any other device. Pictured, a BMW electric vehicle sits parked at a Volta EV charging station in Corte Madera, California
It is ‘quite easy’ for criminals to compromise EV chargers, one expert believes. View of a damaged electric car charging station on Rue de la Loge in Marseille, France
Nicoletti said it is ‘quite easy’ to compromise EV chargers, which are internet-connected, run software and have display screens like any other device.
‘All chargers are connected via internet to their manufacturer for updates and other providers for billing,’ Nicoletti told MailOnline.
Just like a PC, chargers use firewalls – barriers that stop anyone from engaging in unauthorised web activities – for protection.
However, some chargers do not, making them vulnerable to cyber attackers with nefarious intentions and malicious software updates.
The chargers can also be altered physically, according to Nicoletti, who said criminals are ‘four screws away from touching the computer guts’.
‘EV chargers are using “open-source” computing platforms that have well known compromises and access,’ he told MailOnline.
‘They are typically unmanned and not monitored by CCTV, nor are they “hardened” against physical attacks, like for example an ATM is.
Petrol and diesel vehicles are being phased out in favour of the technology, but security flaws in EV software may be getting overlooked (file photo)
Most of the time EV drivers have to pay to use a public charger by tapping a payment card against the machine, like a contactless credit or debit card.
But just like ATM skimming scams, compromised EV chargers could see you card details fall into the wrong hands and unauthorised transactions on your account.
What’s more, users who charge an electric vehicle on a regular basis may leave a data trail – a potential privacy risk.
When charging an EV, the user often provides a RFID card as proof of identity at the charging station, thus transmitting personal data into the system.
If the user is not anonymous and, at the same time, it is known which charging stations he or she has been using, this information can be used to create a movement profile.
Cyber criminals may also make alterations to an individual charger so it delivers power for free when they want it to, or accessing an entire network of chargers via the cloud to bring them down.
Even more serious issues include the charger’s safety features being compromised with cars being overcharged and damaged, potentially leading to fire.
‘The electronic control box that controls to flow of electricity into the car is vulnerable to physical and programmatic alteration, modification and compromise,’ said Nicoletti.
‘Compromises at this level can turn on and off chargers and impact the grid, or overcharge the car, or otherwise damage the car’s batteries.’
Countries around the world are making efforts to ramp up the amount of EVs on the road so petrol vehicles can be phased out, citing health concerns from their toxic emissions from the exhaust pipe.
By 2030, the UK government is planning to end sales of diesel and petrol cars in favour of EVs, while the Biden administration has a $5billion plan to create a new network of 500,000 EV chargers.
But the security threat of the technology may be getting overlooked and there will ‘absolutely’ be an increase in EV-related attacks going forward, Nicoletti said.
‘More chargers equals more risk, especially if they are all one manufacturer and the hackers find a vulnerability, then can impact a large number of chargers all at once,’ he told MailOnline.
A study last year raised ‘concerns about the lack of adequate security considerations’ in the design of EVs that have already been deployed.
EV drivers should ensure they have the most up to date software running on their car and keeping an eye out for chargers that look like they’ve been tampered with.
‘Monitor the manufacturer of your EV charging station and the ones you use in public,’ Nicoletti said.
‘Use a separate credit card for EV charging so as to easily monitor transactions and compromises.’