EV charging vulnerabilities and how to avoid them

As the country adopts an EV-based future, we talk to Frank Stoecker about how to ensure a positive, data-safe experience with charging.

Frank Stoecker is CEO and co-founder of EMnify. A successful serial entrepreneur and recognised telecoms expert for over 15 years, Frank anticipated early that the new wave of connected services demanded new concepts to simplify connectivity on a global scale. He shares his advice with EV Powered …

A smarter electric future

Electric vehicles (EV) continue to capture a growing share of the new car market across the globe. In the UK, new EV registrations increased more than 76% year-on-year in 2021, with upwards of 190,000 new electric cars sold in the year. That’s around 11% of total car sales. And with the UK government planning to ban new registrations of petrol- and diesel-powered cars by 2035, the future can only be electric.

With a growing dependence on EVs, power demand will begin to build within the charging infrastructure. And too many EVs being charged at the same time could cause power surges and outages across the grid. That means EV supply equipment (EVSE), such as chargers and charging equipment, will need to be interconnected and smart. When they’re all feeding information into a central system, power usage can be monitored and adjusted, protecting the power grid. Whether at home, on commercial estates or across the motorway network, EVSE is going to be smart.

Smart charging can create security risks

A system that’s able to control its power usage on a national scale can be a target for malicious actors. Instead of smoothing the power demands, a vulnerable network could allow attackers to take control of charging stations and issue charging commands at will.

The Mirai botnet infected millions of internet-connected devices, which then brought down web services through an orchestrated DDoS attack. A similar botnet could be used to hijack EV chargers, coordinating an attack on power cycles and bringing down the power grid. It sounds fantastical, but there’s a real likelihood that it could happen.

Late last year, Schneider Electric had to patch several vulnerabilities that exposed its EVlink electric vehicle charging stations to remote hacker attacks, while elsewhere in the UK security researchers found security failings in two home electric car chargers. This allowed them to turn the chargers on or off, remove the owner’s access, and demonstrate how a hacker could get into a user’s home network.

All these vulnerabilities come into play when EV chargers use Wi-Fi for connecting to the internet. This option often puts the retailer or private individual in charge of safeguarding the last mile of network security. And Wi-Fi is particularly susceptible to attack. Wrongly configured, poorly password-protected, or unpatched routers leave the door open for attackers, exposing EV chargers on the public internet. When this results in power grid failure or home network attack, who is liable for the damage done? And which entity will shoulder the financial burden? It’s far more secure to step away from Wi-Fi and use cellular connectivity instead.

Cellular connectivity takes control of EV charging security

Cellular connectivity allows EV charging businesses to take back control of that last mile. With cellular connectivity, EV charging devices are completely separated from any local network, and connect reliably over-the-air. That means there’s no interaction with unsecured devices in the proximity, and no risk of a cybersecurity breach.

With the rise of connectivity providers that are dedicated to the Internet of Things (IoT), the lifetime cost of this additional security is only a fraction of the overall cost of a charger. That’s without factoring in that it’s also a more reliable connection. Plus, there are other security and operational benefits that cellular has to offer, too.

A private cellular network overcomes OCPP security shortcomings

The Open Charge Point Protocol (OCPP) is a standard for EV charging stations. While OCPP is now robust, there are some incompatibilities. Without going into too much detail, only with version 1.6 and later do manufacturers need to test interoperability with other vendors as part of the Open Charge Alliance (OCA) certification. And because security measures in these versions have not been standardised, manufacturers often use their own security implementations.
Only OCPP version 2.0 introduces a comprehensive security framework that provides a secure, encrypted communication channel, allowing authentication between charge points and charging station management systems. A private cellular network sidesteps these issues.

No more public DNS attacks

Public DNS services are one of the most common targets for cyberattacks. DNS attacks are the root of DDoS attacks, where a targeted server, service or network is overwhelmed by a flood of internet traffic.
You’ll be glad to hear that charge points using cellular connectivity don’t need to use public DNS services. The charge point can communicate with a private DNS server in the CSP infrastructure that is completely protected against external attacks. This means all charge points, regardless of vendor or firmware version, are safe from DDoS attacks.

Enhanced data visibility means better device control

Beyond security issues, cellular connectivity allows for the detailed analysis of charge points, from identifying when charge points have operational issues, to disconnection instances, or when someone is misusing a device.
Being able to feed all this information about data consumption, connectivity errors and traffic patterns to a central data repository allows full visibility, and can also serve as a base for intrusion detection.
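The following added example (not from the article or from any connectivity provider's API) shows how a central repository of connectivity data can drive intrusion detection, by running four rules over one day of events. The event schema, SIM identifiers, IMEIs, addresses and thresholds are all constructed assumptions.

```python
from collections import defaultdict

# Hypothetical per-SIM policy: IMEI bound at provisioning, the only backend
# addresses a charger should reach (CSMS and private DNS), expected daily volume.
BACKEND = {"10.0.0.10", "10.0.0.53"}
POLICY = {
    "sim-001": {"imei": "490000000000011", "allowed": BACKEND, "daily_bytes": 200_000},
    "sim-002": {"imei": "490000000000022", "allowed": BACKEND, "daily_bytes": 200_000},
}
MAX_REATTACH = 3    # network attaches per day before flagging (assumed)
VOLUME_FACTOR = 5   # multiple of expected daily volume before flagging (assumed)

# Constructed sample events for one day.
ATTACH_OK = {"sim": "sim-001", "type": "attach", "imei": "490000000000011"}
EVENTS = [
    ATTACH_OK,
    {"sim": "sim-001", "type": "flow", "dst": "10.0.0.10", "bytes": 150_000},
    # SIM reported from a device other than the provisioned charger
    {"sim": "sim-002", "type": "attach", "imei": "490000000000099"},
    # large transfer to a host outside the private backend
    {"sim": "sim-002", "type": "flow", "dst": "203.0.113.7", "bytes": 1_500_000},
] + [ATTACH_OK] * 3  # repeated reconnects from the same charger

def detect(events, policy=POLICY):
    """Return (sim, alert) tuples: per-event alerts first, then daily aggregates."""
    alerts, volume, attaches = [], defaultdict(int), defaultdict(int)
    for e in events:
        p = policy.get(e["sim"])
        if p is None:                      # SIM not in inventory at all
            alerts.append((e["sim"], "unknown_sim"))
        elif e["type"] == "attach":
            attaches[e["sim"]] += 1
            if e["imei"] != p["imei"]:     # what an IMEI lock would block outright
                alerts.append((e["sim"], "imei_mismatch"))
        elif e["type"] == "flow":
            volume[e["sim"]] += e["bytes"]
            if e["dst"] not in p["allowed"]:
                alerts.append((e["sim"], "unexpected_destination"))
    for sim, n in attaches.items():        # connectivity errors show up as re-attaches
        if n > MAX_REATTACH:
            alerts.append((sim, "reattach_storm"))
    for sim, total in volume.items():      # data consumption against baseline
        if total > VOLUME_FACTOR * policy[sim]["daily_bytes"]:
            alerts.append((sim, "volume_anomaly"))
    return alerts

if __name__ == "__main__":
    for sim, alert in detect(EVENTS):
        print(sim, alert)
```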

Putting it all together

When comparing Wi-Fi and cellular for connecting EV supply equipment to a smart national charging infrastructure, there’s no competition. Cellular connectivity is the most secure way to interconnect charge points from different vendors or OCPP versions. And when choosing a cellular connectivity provider for deployment, make sure you check the following features to secure your chargers:
IPsec
IMEI lock
Custom private DNS settings
Real-time streaming of connectivity data
24/7 support

As more suppliers switch from Wi-Fi to cellular connectivity, the infrastructure becomes more robust, with higher reliability, and all stakeholders have more confidence in an EV future.

Cherry Martin

As Associate Editor, Cherry covers news, reviews and features for Capital Business Media’s fast-growing automotive and motorsports division. Working for the McLaren F1 events race team got Cherry hooked on all things speed-related and she's keen to see how Formula E progresses.