by B.N. Frank, Activist Post:
Over the years, experts and researchers have warned about cybersecurity and privacy risks associated with all “smart” technology (see 1, 2, 3, 4, 5, 6, 7) including what’s installed in motorized vehicles.
For those keeping track, Utility Dive recently published a new terrifying expert op-ed about electric vehicles (EVs), their charging stations, and other “smart” and/or Internet of Things (IoT) enabled devices:
TRUTH LIVES on at https://sgtreport.tv/
EVs are more popular than ever. They’re also extremely prone to cyberattacks.
If action is not taken to uniformly protect electric vehicles and charging infrastructure from cyber threats, the very mobile exoskeleton of the U.S. could be targeted.
By Shahid Mahdi
Shahid Mahdi is a product manager at EnerKnol.
Gas giant Colonial Pipeline falling to the stealthy sabre of DarkSide, a notorious Russian ransomware group, was a seminal moment in the annals of cybersecurity. Prior to this, cyber influence was either mythologized as being a capability for states to accomplish their geopolitical or informational goals, like Stuxnet, or it had been relegated to being a peripheral topic of pop culture, with mass media promulgating images of people frantically hammering away at keyboards and hooded figures lurking in dark corners.
But in May of 2021, Colonial Pipeline, acting out of panic in the face of an invisible adversary they had not faced before, shut down, and in doing so stymied millions across several critical infrastructure sectors. Cyberattacks and disruptions have embedded themselves into the fabric of this decade’s life as nations all jostle to spread their influence within a new, formidable plane beyond land, air and sea, and the automotive industry is in for a not-so-joyful ride.
The digitization of vehicles, notably electric ones and commensurate charging infrastructure, presents new challenges and risks in the cyber domain. The average electric vehicle has about 3,000 chips, more than double the number in non-electric vehicles, rendering it that much more prone to cyber risks from these chips’ software. Charging stations — 500,000 of which will be installed with funding from the Infrastructure Investment and Jobs Act — will be relied upon to safely store sensitive, personal data including payment information and insight into drivers’ routines.
Yet, all of the above exists on IoT networks as part of a collective surge towards a “smart device” future. Our fridges, phones, audio speakers, thermostats and fitness trackers exist on highly sophisticated, shared networks, and now our cars do too. In one respect, the notion of everything slotting into the same software ecosystem, e.g. Apple synchronizing your iPhone’s contacts on CarPlay, is massively convenient. Looking up that upstate getaway route on your iPad? Your car’s GPS is already suggesting the fastest path as you turn the keys.
However, we must come to terms with the unsavory truth: anything that is “smart” digitally is also entirely hackable. Vehicles from an array of manufacturers now experience software updates as routinely as your smartphone does. Said updates account for dozens of vulnerabilities that a car software’s native engineers are paid to discover before an adversary can exploit them.
The future is now, and we’re getting a peek into the multifaceted threats that “smarter” technologies, notably cars, are vulnerable to. The NCC Group, a notable cybersecurity firm, showcased how easy it is to unlock Tesla car doors by interfering with their Bluetooth capabilities. Pen Test Partners were able to identify a “backdoor” in charging stations that can permit the perpetrator access to the smart-device network in homes.
Public charging infrastructure, which is embedded into outdated grid systems, has already cemented itself as a ripe target for compromise. As is the case innately with cyber affronts, the enemy is invisible and clandestine — Deloitte Canada reports that 84% of cybersecurity-concerning EV incidents derived from remote attacks; with 50% of said malware deployed in the past two years.
As buyers switch from gasoline-powered vehicles to electric ones, they need to be cognizant of the new frontier of cyber threats. Reputable cybersecurity experts including Roy Fridman, CEO of C2A, have been vociferous about how security needs to start at the automaker level. But beyond that, regulatory standards should be set in place.