Increasing numbers of electric vehicle charging stations have major cybersecurity flaws, warn two researchers from Concordia University.
Connected to the Internet or to local networks, these charging stations are the “potential targets” of attacks threatening users, but above all the entire electrical network to which they are connected.
By exploiting flaws in the computer system, a malicious user has for example “the ability to unload your car remotely”, explains Tony Nasr, lead author of the study.
It is also possible for him to obtain some of your personal information, such as your name, your address, or your telephone number, whether the terminal is public or private.
But the biggest threat is to the power grid, said Chadi Assi, a professor who supervised the study. By simultaneously controlling a “very large number of charging stations and exploiting their management systems”, a malicious person can “overload or unload the electrical network, and sabotage its operations”.
Contacted by The duty, Hydro-Québec, which works closely with Concordia researchers, claims to be “very sensitive to the issue of cybersecurity”. The company indicates that it requires its terminal suppliers to put in place “measures to monitor, identify and repel all attempted attacks”.
Government incentives to adopt an electric means of transport and the growing demand for this type of vehicle imply the installation of a larger fleet of charging stations, which increases the risks of hacking.
In its Plan for a Green Economy 2030, the Legault government set itself the goal of having “1.5 million electric vehicles on the roads” by 2030, and adding “4,500 charging stations” in municipalities.
“To support the growing deployment of electric vehicles, we need to pay attention to the security of this infrastructure,” says Assi, who is a member of the National Cybersecurity Consortium, co-led by Concordia University.
It’s not just charging stations that need to be monitored, but a whole ecosystem
“With the war in Ukraine, there is a lot of talk about cybersecurity threats launched by states. For us, [les bornes de recharge] are an attack surface. It can turn off a power grid, we shouldn’t take any chances! concludes Chadi Assi.
The issue is not only security. The researchers suggest that these vulnerabilities could discourage potential buyers of electric vehicles. After detecting these flaws, the researchers contacted the various charging station suppliers, who have since “corrected most of these vulnerabilities”, underlines Tony Nasr. “But it is always possible to find new ones,” warns Chadi Assi.
“It’s not just charging stations that need to be monitored, but a whole ecosystem,” adds the professor. “It’s the support itself, it’s the management system that’s hosted somewhere in the cloud, it’s the app that a person will use from their phone [pour gérer le chargement de sa voiture] which are potential “attack surfaces”.
The two authors invite the user who has his own terminal and who would like to strengthen his security to “create a strong authentication password, use a firewall or disable Internet access”.
With Alain McKenna
This content is produced in collaboration with Concordia University.