Cyberattacks Ramp Up on Electric Vehicles at Charging Stations

Is cyber security a big problem in the auto industry? More than you realize. As cyberattacks ramp up, electric vehicles are vulnerable. You’ll be stunned to hear how many cyberattacks the auto industry has to fend off every day–something that doesn’t get talked about much publicly.

Mandates for electric-vehicle sales have raised concerns over poorly defended charging stations and the possibility of hacks of wider power grids. Europe and the U.S. push to ramp up development and sales of electric vehicles, researchers are concerned that cybersecurity is being neglected. Recent attacks could come in through the charging network, this is very concerning.

In the worst of cases, hackers could engineer blackouts and do damage to entire electric grids by infiltrating charging stations and networks, officials and security analysts warn. But how does this affect your vehicle while charging. 

Cybersecurity firm Upstream said there were 295 cybersecurity incidents in the automotive and mobility space in 2023. They stated, “The risk is that, unlike a data leak or a bricked phone or laptop, even a minor car hack can be hugely disruptive to people’s lives.” Britain’s Royal United Services Institute think tank said “the proliferation of EV charging stations and related devices being connected to the grid is widening the attack surface.”

According to the Israel-based Upstream firm, from 2019 to 2023 disclosed cybersecurity incidents in the automotive and mobility space increased by more than 50%, with 295 such occurrences in 2023. Some 64% of these attacks were executed by “bad hat actors” with malevolent intent, the report said. And 65% of deep and dark web cyber activities last year “had the potential to impact thousands to millions of mobility assets.”

Last week we discussed the data collection and the connectivity of our vehicles. As our cars have more software and computer processes we open our vehicles up to cyber hacking. 

For EVs, the connected charging network is a target. In a dramatic example of that, on February 21 the Telegraph newspaper reported that the Office for Product Safety and Standards in Britain told Wallbox that its Internet-connected Copper SB EV home charger was not properly secured against hackers and couldn’t be sold.

According to the newspaper, “Critics say continued sales of the charger… risks letting hostile nations disrupt the UK’s critical national infrastructure.”

Close to 40,000 of the chargers have been sold in Britain, at a cost of £500 ($631). Reportedly, updated Copper SB EV chargers can still be sold until June 30, but the company has stopped marketing the device. Wallbox says this charger is not available in the US. This story highlights that cybersecurity vulnerabilities are not always localized to computers and software.

In 2021, Ukrainian hackers broke into Russia’s biggest EV charging network and claimed to have stolen 900 gigabytes of data from it.

But there is more on a larger scale, last year, the National Institute of Standards and Technology created guidance that called on companies deploying fast chargers to secure their digital payment systems. The government’s report said that in 2023, the US had more than 48,000 public charging stations, and they “connect and communicate with cloud providers and third-party vendors for electric vehicle charging station location information, billing and other services.”

The big vulnerability of cyberattacks is the utilities that provide the power. The interface between the EV and the charging station via the cloud “presents a potential attack surface for malicious actors to cause damage, ”that’s a vulnerability, along with the utilities that provide the power. The interface between the EV and the charging station via the cloud “presents a potential attack surface for malicious actors to cause damage.”

The cyberattacks are not just theoretical. Each of these systems represents a set of interconnected attack vectors. EVs, for example, interface with dealerships, mobile phones, navigation, mapping, telemetry, entertainment, vehicle-based web browsers, other vehicles, driver assist systems, over-the-air software updates, and more.”

These and other warnings led automakers to band together. “An attack on one is an attack on all,” said the Automotive Information Sharing and Analysis Center. What we do know is that such cracks could conceivably permit hackers to access vehicle data, consumers’ credit card information, allowing hackers to stop or start charging at will. That could leave frustrated drivers without a full battery when they need one, but it’s the cumulative impacts that could be truly devastating.

Many home users leave their cars connected to chargers even if they aren’t drawing power. They might, for example, plug in after work and schedule the vehicle to charge overnight when prices are lower. If a hacker were to switch thousands, or millions, of chargers on or off simultaneously, it could destabilize and even bring down entire electricity networks. 

Think this can’t happen? It already has, the United States glimpsed what such an attack might look like in 2021 when hackers hijacked with a Cyberattakc, the Colonial Pipeline and disrupted gasoline supplies nationwide. The attack ended once the company paid millions of dollars in ransom.

I’m not fear mongering, this is real. Make your passwords more difficult, change them often, and when done charging your vehicle, disconnect your vehicle. There is more on this coming and we will keep you posted.

You can support me by buying me a cup of coffee. Thanks for subscribing and your support!

We will be reviewing all of the newest cars on our YouTube channel Car Coach Reports.

Looking for more automotive news? Go to our second channel!

Additional articles on our website


Total Car Score Podcast ► Hosts: Lauren Fix, Karl Brauer and Javier Mota.

Scroll to Top