Your Company’s EV Charging Station is a Prime Target for Car Hackers

Electric vehicle charging stations are the latest workplace perks used to attract the hottest engineering talent (are you the Tesla guy at your company?). But did you know that the charging port is one of the most vulnerable attack surfaces on your car?

 

A simple skimming device, similar to the ones used in ATM fraud, can easily be made and deployed on a charging station by a motivated attacker. When an unsuspecting employee plugs-in his or her electric vehicle and heads into the office, the skimming device can gain access to the private information stored on the electric vehicle’s onboard computers. This type of hacker exploit has been identified by cybersecurity experts as a weakness for charging providers.

 

Yaroslava Ryabova wrote an excellent article on the vast range of problems related to infrastructure cybersecurity due to industry players rushing unsecured charging stations to market. Some of your most private information can be viewed, modified or even deleted from your car’s in-vehicle network. In addition, an increasing number of cars are adding cell phone mirroring dashboards that enable drivers to project mobile content to the vehicle’s infotainment system. If a car hacker gained access to your infotainment system via the charging port, they could theoretically view your music playlist, frequently visited locations and, of course, your credit card information. Moreover, a chain of vulnerabilities could allow the car hacker to gain access to your company’s information from your Bluetooth connected company phone, including work-related emails, text messages, and stored files. Potential motives may include financial gain through a ransomware attack or to steal trade secrets.

 

The most horrific consequences of an electric vehicle hack could be tricking the car’s battery into thinking it has not been fully charged. Disabling the surge management system could trigger a powerful explosion causing significant damage to the car, the surrounding area, and its occupants.

 

Thankfully, Trillium’s engineering team has developed SecureIXS, one component of the company’s multi-layered cybersecurity solution that prevents would-be cyber-attackers from gaining access to your electric vehicle’s onboard computers. SecureIXS uses a firewall and machine learning algorithms to detect anomalous data patterns, such as an unauthorized request to access your private data while charging. Cutting-edge solutions like SecureIXS are a critical piece to the widespread adoption of electric vehicles and the nation-wide deployment of charging infrastructure.