Cybersecurity risks of electric vehicles
When considering what car to buy, most are concerned with the physical safety features. As the automotive race to electrification progresses, a new realm of risk has been exposed: cybersecurity.
Given their reliance on software and programming, EVs are generally understood to be more vulnerable than conventional Internal Combustion Engine (ICE) vehicles.
EVs consist of approximately 20 moving parts, unlike ICE vehicles which have almost 2,000. Though the latter requires a complex mechanical system, EVs run on embedded software which controls elements such as the motor controller to monitor and regulate the battery and accelerator.
Software updates may seem preferable as many can automatically done over-the-air (OTA) through cloud connectivity, meaning EV drivers needn’t return to garages or distributors.
However, with a software-based car comes the cyber threats associated with computers and devices.
Home charging points for EVs provide convenience for those lucky enough to install them. Yet, home chargers often function over Wi-Fi, which makes the entire home network prone to infiltration.
Not only could a hacker remotely control the charging capabilities, but they could remove owner’s access to the car. On top of this, if a hacker gained access to multiple chargers simultaneously, they could potentially overload the electricity grid and causes blackouts within areas.
Notorious hacker group, Anonymous, made headlines in March as it hacked Russian EV charging points to display the following message: ‘Putin is a d***head.’ Many Russian EVs were taken offline as they’d been manufactured partly by a Ukrainian company which allegedly helped the attack.
With developments in autonomous driving accelerating at a rapid pace, a report summarised how Israeli researchers managed to ‘trick’ a Tesla by flashing ‘phantom’ images onto the road, walls and signs. If the Tesla detects movement or objects in its way, its Autopilot will instinctually brake or steer in another direction to avoid collision.
The experiment meant that the Tesla deviated from its lane through the projection of new road markings. Such ‘phantom’ images can be delivered remotely through drones or the hacking of digital billboards. The report noted that the images could appear and disappear so quickly that a human eye wouldn’t even detect it, meaning the driver wouldn’t understand why their car was malfunctioning.
Concerns over Tesla’s phantom braking were responded to with Tesla’s disclaimer that “autopilot features require active driver supervision and do not make the vehicle autonomous.”
In January of this year, 19 year old David Colombo published a blog post about how he hacked over 25 Teslas across the globe. Prior to this, a chain of tweets went viral as he confirmed that he could remotely run commands across 13 countries, completely unbeknownst to the drivers.
Though Colombo highlighted that this was a security fault relating to the owners – not Tesla’s infrastructure – it has worried many EV owners. Remote control allowed Colombo access to unlock doors and windows; he could also honk the horn and locate the car. Despite all of this, he didn’t think it was possible to directly move the vehicle.
Further to this, Lennert Wouters publicised the vulnerabilities that he identified within Tesla’s security system. Through reverse engineering of the keyless entry fob,and the exploitation of the Bluetooth Low Energy standard, Wouters used a DIY device built from a Raspberry Pi to remotely hack a Tesla Model X and unlock the car. The device was able to clone the original car key as long as it was near it was 90 seconds.
Though the environmental benefits of EVs ring true, the vulnerability of their software certainly seems to need further preventative measures.