As the number of electric vehicles on the road increases, so does the demand for electric vehicle (EV) charging stations and internet-based management systems within these stations. Yet these management systems face their own problem: cybersecurity attacks.
Infographic
Elias Bou-Harb, director of the UTSA Cybersecurity and Analytics Center, and colleagues — Claud Fachkha of Dubai University and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University montreal — are revealing the fragility of these networked systems.
In addition, they recommend that some measures be taken to protect these networks from harm.
The system built into the EV fulfills key duties over the Internet, including remote monitoring and customer billing, and the increasing number of networked EV charging stations is also true.
Bou-Harb and his researchers hope to explore the real-world impact of cyberattacks on EV charging systems and how cybersecurity countermeasures can be leveraged to mitigate them. His team also assessed how exploited systems could attack critical infrastructure, such as the power grid.
"Electric vehicles are the norm today. However, their management stations are vulnerable to security breaches," Bou-Harb notes, "and in this effort, we strive to identify their associated security weaknesses and understand their impact on EVs and smart grids, while providing advice and sharing our findings with relevant industries for proactive security remediation." ”
The research team identified 16 EV charging management systems, which they classify into separate categories such as firmware, mobile, and web applications. They conducted an in-depth security analysis of each system.
Bou-Harb said they devised a system lookup and collection method to identify a large number of EV charging systems, and then conducted a thorough vulnerability analysis using reverse engineering and penetration testing techniques for white/black box network applications.
It is understood that the team found a series of vulnerabilities in these 16 systems, and also highlighted the 13 most serious vulnerabilities, such as lack of authentication and cross-site scripting. By exploiting these vulnerabilities, an attacker could cause a number of problems--including manipulating firmware or masquerading as an actual user and accessing user data.
According to a recent white paper study by researchers, while it is possible to carry out different attacks on various entities within the EV ecosystem, in this work the researchers focused on investigating large-scale attacks that have a serious impact on the charging stations that are attacked, their users, and the connected power grid.
In this project, the team developed several security measures, guidelines, and best practices for developers to mitigate cyberattacks. Outside the forest, they also created countermeasures to patch each individual vulnerability they found.
To prevent large-scale attacks on the grid, the researchers recommend that developers patch existing vulnerabilities, but also incorporate initial security measures into the manufacturing process of charging stations.
"Many industry members have acknowledged the vulnerabilities we have found," Bou-Harb said, "and this information will help to immunize these charging stations to protect the public, in addition to advising future security solutions in the context of EVs and smart grids." ”
The researchers plan to continue analyzing more charging stations to better understand their safety posture. They are also working with several industry partners to help shape new safety products from the design phase and develop safety resilience measures to protect vulnerable charging stations from exploitation.
![【IPO frontline】Focusing on smart meter chips, the IPO of Juquan Optoelectronics Science and Technology Innovation Board was accepted[fig]](data:image/gif;base64,R0lGODlhAQABAIAAAP///wAAACwAAAAAAQABAAACAkQBADs=)