Another Expert Warns about EV Cybersecurity Risks: “anything that is ‘smart’ digitally is also entirely hackable”

By B.N. Frank

Over the years, experts and researchers have warned about cybersecurity and privacy risks associated with all “smart” technology (see 1, 2, 3, 4, 5, 6, 7) including what’s installed in motorized vehicles.

For those keeping track, Utility Dive recently published a new terrifying expert op-ed about electric vehicles (EVs), their charging stations, and other “smart” and/or Internet of Things (IoT) enabled devices:

EVs are more popular than ever. They’re also extremely prone to cyberattacks.

If action is not taken to uniformly protect electric vehicles and charging infrastructure from cyber threats, the very mobile exoskeleton of the U.S. could be targeted.

By Shahid Mahdi

Shahid Mahdi is a product manager at EnerKnol.

Gas giant Colonial Pipeline falling to the stealthy sabre of DarkSide, a notorious Russian ransomware group, was a seminal moment in the annals of cybersecurity. Prior to this, cyber influence was either mythologized as being a capability for states to accomplish their geopolitical or informational goals, like Stuxnet, or it had been relegated to being a peripheral topic of pop culture, with mass media promulgating images of people frantically hammering away at keyboards and hooded figures lurking in dark corners.

But in May of 2021, Colonial Pipeline, acting out of panic in the face of an invisible adversary they had not faced before, shut down, and in doing so stymied millions across several critical infrastructure sectors. Cyberattacks and disruptions have embedded themselves into the fabric of this decade’s life as nations all jostle to spread their influence within a new, formidable plane beyond land, air and sea, and the automotive industry is in for a not-so-joyful ride.

The digitization of vehicles, notably electric ones and commensurate charging infrastructure, presents new challenges and risks in the cyber domain. The average electric vehicle has about 3,000 chips, more than double the number in non-electric vehicles, rendering it that much more prone to cyber risks from these chips’ software. Charging stations — 500,000 of which will be installed with funding from the Infrastructure Investment and Jobs Act — will be relied upon to safely store sensitive, personal data including payment information and insight into drivers’ routines.

Yet, all of the above exists on IoT networks as part of a collective surge towards a “smart device” future. Our fridges, phones, audio speakers, thermostats and fitness trackers exist on highly sophisticated, shared networks, and now our cars do too. In one respect, the notion of everything slotting into the same software ecosystem, e.g. Apple synchronizing your iPhone’s contacts on CarPlay, is massively convenient. Looking up that upstate getaway route on your iPad? Your car’s GPS is already suggesting the fastest path as you turn the keys.

However, we must come to terms with the unsavory truth: anything that is “smart” digitally is also entirely hackable. Vehicles from an array of manufacturers now experience software updates as routinely as your smartphone does. Said updates account for dozens of vulnerabilities that a car software’s native engineers are paid to discover before an adversary can exploit them.

The future is now, and we’re getting a peek into the multifaceted threats that “smarter” technologies, notably cars, are vulnerable to. The NCC Group, a notable cybersecurity firm, showcased how easy it is to unlock Tesla car doors by interfering with their Bluetooth capabilities. Pen Test Partners were able to identify a “backdoor” in charging stations that can permit the perpetrator access to the smart-device network in homes.

Public charging infrastructure, which is embedded into outdated grid systems, has already cemented itself as a ripe target for compromise. As is the case innately with cyber affronts, the enemy is invisible and clandestine — Deloitte Canada reports that 84% of cybersecurity-concerning EV incidents derived from remote attacks; with 50% of said malware deployed in the past two years.

As buyers switch from gasoline-powered vehicles to electric ones, they need to be cognizant of the new frontier of cyber threats. Reputable cybersecurity experts including Roy Fridman, CEO of C2A, have been vociferous about how security needs to start at the automaker level. But beyond that, regulatory standards should be set in place.

Some promising steps, and more to be done

Across the past year, some promising steps have been taken, notably in the form of ISO/SAE 21434:2021, which outlines software testing requirements for vehicle manufacturers, as well as the National Highway Traffic Safety Administration’s proposals pertinent to said software. State and federal legislatures, in the wake of the Colonial Pipeline incident, have also begun to push cyber security preparedness bills through their chambers: The U.S. House of Representatives introduced an abundance of cybersecurity training bills in November 2022, along with the Small Business Cybersecurity Enhancement Act and the U.S. Senate’s Intragovernmental Cybersecurity Sharing Act.

But automakers, car owners, grid operators, governmental entities, and especially car owners need to be in tandem about holistic cybersecurity protocols. Non-state cyber threats that are fostered and tolerated by the governments of Russia and China will only increase in power as geopolitical bellicosity rises.

In the same manner that the North American Electric Reliability Corporation erected the Reliability and Technical Committee to uphold summer and winter readiness standards in the wake of Winter Storm Uri battering Texas in 2021, the Biden Administration ought to create a specialized, public-private partnership forum wherein manufacturers, highway administrators, cybersecurity experts, and state representatives can begin to foster a dialogue that urgently needs to start.

By 2030, it is projected that over 60% of all vehicle sales globally will be electric. This permeates into industries and functionalities beyond the common civilian motorist: freight transportation, law enforcement, ambulances and emergency response team vehicles; even gig-economy worker transportation methods. If action is not taken to uniformly protect electric vehicles and charging infrastructure from cyber threats, the mobile exoskeleton of the U.S. could be targeted.

Smart technologies have dramatically convenienced our lives, and the environmental ramifications of en masse fleet electrification is a firm step in the right direction. But in cars getting “smarter” as they get more digitized, we must also ask if they are getting safer.

Activist Post is Google-Free
Support us for just $1 per month at Patreon or SubscribeStar

Wait a minute!  If “anything that is “smart” digitally is also entirely hackable” and the hacking of smart technologies continues to be widely reported, that doesn’t sound like “Smart technologies have dramatically convenienced our lives”!

But I digress – or perhaps the op-ed writer digressed.  In regard to EVs and their charging stations, in addition to cybersecurity risks, there are numerous other issues associated with them including environmental.  After all,

• Mining for EV battery ingredients IS NOT eco-friendly (see 1, 2, 3, 4)
• EV batteries are difficult and expensive to recycle (see 1, 2)
• EVs emit high levels of biologically and environmentally harmful electromagnetic and wireless radiation (see 1, 2, 3, 4, 5, 6, 7)
• EV batteries are prone to fires and fires that are difficult to extinguish (see 1, 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
• Charging EVs threatens power grids (see 1, 2, 3, 4, 5) and medical implants

Also noteworthy,

• Cold weather reduces EV battery performance
• Oversized EVs create increased road safety risks
• EVs aren’t inexpensive to buy or maintain

Regardless of all of the above, according to some reports, EVs are selling like hotcakes in the U.S.  They also still have many proponents including the Biden Administration which continues to fund their manufacturing, maintenance, and operation.  We can only hope that sooner rather than later all risks associated with EVs as well as all “smart”/IoT-enabled technologies will be eliminated.  Until then, Buyer beware!

Activist Post reports regularly about EVs and unsafe technologies.  For more information, visit our archives and the following websites:

• Wireless Information Network
• Electromagnetic Radiation Safety
• Environmental Health Trust
• Physicians for Safe Technology

Image: Pixabay

Become a Patron!
Or support us at SubscribeStar
Donate cryptocurrency HERE

Subscribe to Activist Post for truth, peace, and freedom news. Follow us on SoMee, Telegram, HIVE, Flote, Minds, MeWe, Twitter, Gab, What Really Happened and GETTR.

Provide, Protect and Profit from what’s coming! Get a free issue of Counter Markets today.