The ever-evolving cyber security threat can be thwarted off by continuous monitoring, gathering threat intelligence, and putting in place adaptive security measures for a safe and secure mobility future
Who would not remember the grandiloquent scene from the famous Hollywood flick ‘Fast and the Furious’ where international hacker and bad woman ‘Cipher’ played by Charlize Theron, in the quest to get her hands on a briefcase containing nuclear codes, decides to employ some hackers who take over a fleet of cars that are then flung on to the streets to stop a motorcade.
Of course this depiction of hackers taking over cars in the movie might be a little unrealistic. However, the advent of smart vehicles, including EVs and Hybrids as well as autonomous driving cars that depend on a network of digital connections and are interconnected, do render these vehicles vulnerable to cyber and malware attacks.
In the real world, these cyber vulnerabilities have already been taken advantage of, although many of them minor in nature. After Russia launched a military campaign in Ukraine, there were reports of shut down of chargers along a major highway in Russia with screens displaying pro-Ukraine slogans. Among the many other incidents reported worldwide, there was also one from the British Isle of Wight where chargers were compromised.
White hat hackers have time and again highlighted the vulnerabilities associated with these vehicles. At an event this year, Synacktiv security researchers compromised a Tesla modem and entertainment system, as well as three EV charging stations, while in 2020, experts at the SouthWest Research Institute reverse-engineered EV charger signals and circuits, disrupting charging cycles with low-cost spoofing devices.
Electric vehicles and installation of its charging ecosystem continues to progress at a rapid pace globally with the International Energy Agency (IEA) predicting that sales of electric cars could reach 17 million in 2024, accounting for more than one in five cars sold worldwide. Given that governments globally are introducing smart vehicles to reduce emissions and strengthen climate action, the sales of these vehicles will keep rising in the future and so will the risk of bad actors taking advantage of the vulnerabilities present in these tech-heavy and connected vehicles.
Fig 1: Self Driving car: Pic by Getty
Why Are Smart and Electric Vehicles More Vulnerable to Cyberattacks
Way back in 2015, two computer geeks, sitting hundreds of miles away, famously hacked into a Jeep plying on the highway by taking over its radio, speedometer and transmission and ultimately disabling the car's brakes, leaving it to slide into a ditch. In 2024, as smart vehicles take over the mobility landscape, this risk has manifested manifold. In EVs, every individual component is connected to a central operating system that helps in establishing a smooth and secure communication as well as keeping a close eye on the component’s health and performance.
EVs have hundreds of chips and softwares that help in controlling various components – batteries, motors, braking systems and others. Consumers also plug these vehicles into chargers, almost daily, making it easy for information to pass through the vast network of chargers and even the internet to the firms which manufactured them, apps of the owners and others. So despite the efficiency, it also enhances the chances of a single point attack to bring down the vehicle and the entire network of chargers; a case in point was how a 19-year-old security researcher had hacked into 25 Teslas around the world through a bug in a popular data tool.
The complex system of various components and different sets of technologies make these vehicles very vulnerable to such attacks, making it critical for manufacturers to put in place a robust cybersecurity apparatus to make the consumers safe.
Fig 2: EV charging stations are vulnerable to cyber attacks. Pic by Kelly Serfoss/Electrify America
Lurking Danger: What Can Hackers Do To Your Electric Vehicle?
Heavy dependence on digital technologies and the presence of more components in comparison to an Internal Combustion Engine (ICE) vehicle make EVs and smart vehicles even more vulnerable to cyber threats. Some of them are as follows:
- Intercepting Signals: Hackers can intercept fob key signals and gain access to vehicles. Most of the EVs get unlocked either through manufacturer apps which can be hacked into or RFID chips that can be easily cloned.
- Introduction of malicious software: Apart from compromising the vehicle safety and its functionality, malicious software can help hackers gain a wealth of data like user profiles, location data, and payment details stored in the EVs and their charging infrastructure network.
- Malware Exposure: Introduction of malwares into EVs runs the risk of compromising the safety features, functionality and data integrity of the vehicle, leading to grave inconvenience of the consumer and also threatening the critical charging infrastructure.
- Power grid vulnerability: Since most of the charging stations are connected to national assets like power grids, by hacking into this infrastructure, cyber criminals have the capability to disrupt the entire power ecosystem and even disable EV charging stations and operations.
Electric Vehicles: Common Dos And Don'ts To Ward Off Cyber Threats
There is, however, no need to get alarmed after reading about the vulnerabilities that these smart vehicles have. While manufacturers have put in place robust safety mechanisms, governments also have stringent guidelines in place which vehicle makers have to comply with to thwart these threats. These measures apart, there are certain minimum safeguards which even a common consumer can undertake in their everyday functions to minimise such cyber threats. Some measures recommended by experts are:
- Keeping the EV software up to date
- Avoiding public Wi-Fi connections
- Monitoring any unusual behaviour in the vehicle
- Keeping a strong password
- Reporting any issue to the manufacturer
- Checking the authenticity of charging stations
- Making use of secure connections
- Ensuring that EV manufacturer is using secure software that has built-in security
- Asking the manufacturer whether it uses the principle of ‘least privileged’ to restrict access to the software being used.
- Monitoring transactions through an app
Addressing The Electric Vehicle Cyber Threat Challenge: Measures Taken By India
The ever increasing sophistication and complex nature of EV components have made it a critical challenge for manufacturers and the government to secure the vehicles from cyber vulnerabilities. The Indian government too remains seized of the matter, acknowledging that even charging stations remain susceptible to attacks by cyber criminals.
Informing the Parliament through a written reply, Union Minister Nitin Gadkari had last year said the Indian Computer Emergency Response Team (CERT-In), mandated to track and monitor cyber security incidents in India, has received reports of vulnerabilities in products and applications related to electric vehicle charging stations.
"The government is fully cognizant and aware of various cyber security threats and is actively taking steps to combat the issue of hacking," Gadkari had said in a written reply. According to information reported to and tracked by CERT-In, the number of cyber security incidents during 2018, 2019, 2020, 2021 and 2022 is 2,08,456; 3,94,499; 11,58,208; 14,02,809 and 13,91,457, respectively, he had said.
Preempting such cyber attacks in vehicles, the road transport and highways ministry has also finalised a new draft, making it compulsory for Original Equipment Manufacturers (OEMs) to install Cyber Security and Management Systems to (CSMS) to ward off such threats. The draft rules say that the CSMS should include protective mechanisms against attacks on the vehicle’s electronic unit, autonomous driving components and infotainment systems.
The government has come out with such rules in line with the global standards laid down by the United Nations Economic Commission for Europe World Forum for Harmonization of Vehicle Regulations (WP.29). Given the inevitable rise in EVs and the potential vulnerabilities that come along with it, it is crucial that all stakeholders come together to thwart off this ever-evolving threat by continuously monitoring, gathering threat intelligence, and putting in place adaptive security measures for a safe and secure mobility future.
About the Author
