Check Point shares three key EV cyberthreats, as cities in Asia Pacific find more and more EVs on our roads, carparks and garages.
On World EV Day on 9 September 2023, we celebrate the burgeoning adoption of electric vehicles (EVs) across the globe.
In our march towards a greener future, moving from conventional vehicles to EVs is an important step forward. However, there’s a parallel track we must tread with equal care: cybersecurity.
More and more people are opting for electric cars, whether for innovation or environmental reasons. But the environmental and technological benefits of EVs are not without risk as they present a new attack surface for cybercriminals.
In fact, according to the Global Automotive Cybersecurity Report, threats against APIs will increase up to 380% by 2022, accounting for 12% of all incidents.
As electric cars implement more technological advances and become more connected, the risk of a cyberattack increases. The safety of drivers and the integrity of all the data they generate are at stake.
Cybercriminals are always up to date with every attack formula and, like them, it is imperative that the industry implements certain changes to prevent them. To achieve this, it is important to be aware of the current risks associated with electric vehicles.
Check Point believes that climate change and the need to reduce our dependence on oil underline the imperative to migrate to greener forms of transportation. Concerns over cybersecurity could be another obstacle to the future growth of the electric vehicle market, so it is vital that the industry takes the threat seriously.
Tenable recommends that healthcare organizations in Asia Pacific take the following steps to protect themselves from cyberattacks:
- Conduct regular risk assessments to identify vulnerabilities
- Provide cybersecurity training to employees
- Maintain continuous monitoring of systems to detect potential threats
- Implement preventive and proactive measures to protect sensitive data, such as encryption and access controls
- Have a plan in place to respond to a cyberattack
Check Point Software highlights the three entry points for a cybercriminal for electric cars:
Remote vehicle hijacking: Imagine you are behind the wheel of an electric car, calmly enjoying your drive, and suddenly you lose control of the vehicle: it slows down, the steering wheel spins out of control, or the engine accelerates without you stepping on the gas pedal. An invisible driver has taken control of the vehicle without you being able to do anything.
While it may sound like a fantasy from a fictional movie, this situation can become a reality. As electric cars become more automated and connected, they become more vulnerable to cyberattacks. Cybercriminals with advanced knowledge can exploit vulnerabilities in the car’s electronic systems to take remote control, using methods that sound like something out of a spy movie.
Potential threats at charging stations: Threats at EV charging stations are a critical aspect of cybersecurity that often goes unnoticed, so it is imperative to go to secure and trusted locations.
- Compromised charging process: when a user charges their electric vehicle, they may be at great risk, as attackers could attempt to manipulate the process: changing the charge level, interrupting the charge, or even causing damage to the batteries, which could significantly reduce the life of the vehicle and increase maintenance costs. In addition, these points may be fake, as cybercriminals could set up fake charging stations with the sole purpose of compromising your vehicles or stealing your personal information when connected.
- Beware of personal data: smart charging stations can collect information such as payment details, charging patterns and locations. If these stations do not have adequate security measures in place, cybercriminals could gain access and use it for identity theft or financial fraud.
- Malware on the road: attackers could gain access to the station and use it to distribute malware to connected EVs, allowing them to gain access to the vehicle’s electronic systems.
- Malicious connections: charging stations are connected to networks, which means they are often connected to online payment systems. Denial of Service (DDoS) attacks could be infiltrated with malicious traffic, causing service disruptions and inconvenience to users.
Malicious disruption of connectivity: Autonomous vehicles rely heavily on communication between themselves and the road infrastructure. These connections allow them to share information about traffic, weather, and other driving factors. However, this reliance opens the door to cyberattacks that can have dire consequences, as by manipulating data transmissions, an attacker could trick vehicles into making poor decisions.
A communication failure affects not just one vehicle, but other connected vehicles on the road, and can be a vulnerability that cybercriminals exploit to create confusion and traffic jams.
EV cybersecurity tips
To keep an electric vehicle safe, it is important to keep software up to date, avoid public Wi-Fi connections, use strong passwords, and monitor the vehicle for unusual behavior.
Drivers should also report any problems to the manufacturer.
When using charging stations, always verify the authenticity of the station, and use secure connections. EV manufacturers should ensure the use of secure software with security built into the software, hardware deployment operations and the principle of ‘least privileged’ to restrict access to the software being used.
On the other hand, it is highly recommended to monitor transactions and report any suspicious activity.
“The future of connected and electric vehicles is exciting, but it also presents significant security challenges,” said Teong Eng Guan, Regional Director, Southeast Asia and Korea, Check Point Software Technologies. “Addressing these and emerging challenges and ensuring secure deployment is essential to reap the full benefits of this emerging technology.”
“The future of connected and electric vehicles is exciting, but it also presents significant security challenges,”
“Addressing these and emerging challenges and ensuring secure deployment is essential to reap the full benefits of this emerging technology.”Teong Eng Guan, Regional Director, Southeast Asia and Korea, Check Point Software Technologies