Heavy reliance on imported parts, coupled with haphazard EV cybersecurity protocols, and fueled by high land and cost premiums.
The automotive world is shifting gears: from fuel to electric. With faster adoption of electric vehicles (EVs) globally, the software integrated in them is creating huge data sets that can play a crucial role in transforming the industry.
EVs are equipped with banks of sensors that are connected to the cloud, and their data can also be exchanged wirelessly with other EVs. Even the charging stations for EVs have been shown in vulnerability testing to be potential targets for hackers.
As innovation in EV tech races against time to meet zero carbon footprint pledges worldwide, an ever-increasing range of cybersecurity issues needs to be detected now, before automated vehicles hit the mainstream. Imagine a situation where a range of EV crashes is perpetrated by bad actors!
Of what value is EV data?
Cybercriminals can use unprotected physical communication links and app vulnerabilities to deliver DDoS attacks, ransomware and trojan viruses.
They can also steal personal and financial data pertaining to a specific demographic. Payment details at public EV charging stations are also a big draw for hackers. Some charging stations use out-of-date open charge point protocols based on HTTP, which does not encrypt data or communications. This could lead to relay attacks where attackers can use Wi-Fi signals to rewire charging requests altogether and gain root access to the station.
Even the near-field communication card used to handle billing when drivers charge their EVs can be a huge potential threat. Third-party providers of the ID cards themselves are big problems, as they may not properly secure customer data. In some instances, dishonest third-party providers were able to copy the NFC cards and use them to charge their own vehicles.
To safeguard data at public EV amenities, open payment systems can be used via the Vehicle-to-Grid communication standard to offer secure, interoperable, and convenient solutions.
Other sources of EV data risks needing protection include:
- Ignition sequences: If hackers can intercept remote control codes, they can steal EVs easily. Virtual private networks can be a great tool to protect the EV and other operational data.
- Manipulation of charging stations: Each vehicle that uses a public charging station generates data on its location and charging time, along with information on the average hourly power draw at each station. Power usage information is also critical for malicious actors to manipulate demand at a particular charging station. This information is easily accessible as it is transmitted wirelessly by third-party apps that cater to EV owners.
- Software updates: The onboard software in EVs requires navigational and security updates and needs dedicated communication links back to the manufacturer to transmit patches and updates. Implementing digital signatures in EV infrastructure could be instrumental to tightening data security.
- Encryption and access control: To limit access to the vehicle and its data, key fobs should be stored in an enclosed metal box to prevent cloning or message relaying. Strong password hygiene also needs to be mandated for onboard mobile applications to establish communications with vehicles. Also, EV manufacturers must ensure strong encryption for over-the-air firmware updates, inter-engine control unit communications and other EV communications.
The EV landscape in India
For developing countries like India that want to transform a major part of transportation to electric, costs and economies of scale are high, and inextricably linked to the cost of shoring up EV cybersecurity as well.
According to A Shankar, Head of Strategic Consulting and Valuation Advisory (India), JLL: “There will be a premium of at least 1% for spaces in existing buildings to be retrofitted as charging points. Challenges include the high cost of charging units; limited power supply capacity in some large residential complexes/multistorey buildings and internet connectivity constraints.”
In the short term, wherever there is good demand of at least 60% of residents owning EVs, the cost premium can go up to 2% or even 5%, especially in new green residential complexes, said Shankar.
Building sufficient EV infrastructure, already costly, is bottlenecked by heavy reliance on imports from other countries. PwC India has estimated that the country’s EV industry is forced to import as much as 80% of parts. This opens a plethora of backdoor entry points for malicious actors. Internet of Things (IoT) communications, when hacked, can escalate from a single infected EV to multiple charging stations and then to a whole network of EVs and even the city’s electricity grid.
According to Akihiro Ueda, Founder of Terra motor: “While we’ve seen a lot of security issues in the international market where EV adoption has been greater compared to India, with most of these issues being limited to IoT enabled EVs which were charged either at common charging stations or with chargers made by third party manufacturers. No such complaints have been reported here in India yet as not a lot of EVs run on IoT platforms, and people here in India prefer using company-manufactured chargers and there are not a lot of common charging stations around. For customers, we always recommend using company-manufactured chargers, but for now, we ask them to refrain from using common charging stations until security protocols are being deployed. Better to be safe than sorry!”
Currently there is no universally adopted cybersecurity protocol to protect data generated by electric vehicle charging. Hence collaboration is needed between vehicle and power station component manufacturers, utility companies and third-party service providers. The stakeholders need to agree upon a unified set of cybersecurity standards and to encourage EV owners to have strong password hygiene.