Electric vehicles (EVs) offer significant advantages to drivers, such as lower operating costs, less maintenance, and the ability to refuel more quickly. But they also introduce new cybersecurity challenges due to the amount of data they generate and the reliance on digital systems. A range of connected car technologies have emerged in recent years, from telematic services like geo-fencing and eCall to IoT-connected devices such as parking assistance and remote engine start. While this connectivity has led to a number of positive advancements in safety, security, and convenience, it also exposes cars to potential cyberthreats. In fact, there are many similarities between connected cars and smart devices — particularly when it comes to cybersecurity concerns.
Basically, Electric Vehicle, like any other modern vehicle, is a computer with wheel. Underlying Platform, communication protocols, or electronic chips may differ from traditionally IT of course, but the computer science foundation are the same. Then it is not much the attacks that differs from traditional computing but the outcome. Just like for smart factories.
The Growing Importance of Electric Vehicles
The rise of electric vehicles is contributing to the development of a number of cybersecurity challenges. While EVs have been around for a long time, they are only now gaining significant market share. Consumers purchased 6.6 millions EVs in 2021, a 100% growth over the previous year. Experts expect high demand to continue in the coming years, with a forecasted 34% CAGR until 2023 reaching a total of 52 million electrified vehicles.
Data Flows and Limitations of Electric Vehicles
EVs have a number of data flows that will increase as the market grows. Among these are the communication between the vehicle and the electric grid that powers it, and the communication between the car and the internet of things (IoT) devices onboard. It’s precisely these data flows that require greater attention when it comes to cybersecurity. For example, when an EV is plugged in and charging, it is connected to the grid and receives power from it. Data is transmitted between the EV and the grid, and from the EV to the charging station, via the car’s On-Board Diagnostics (OBD) system. This same data can be viewed by a hacker who has breached the system, allowing them to take control of the vehicle.
The APIs used by EVs are very similar to those used by IoT devices. The EV, in this case, is the server, while the device is the client. An EV’s API is accessible to other connected components and can be plagued by the same vulnerabilities. For instance, an EV’s API might use a traditional authentication process, such as a username and password. But this authentication process can be exploited if hackers are able to guess the password. A more complex authentication process, such as multi-factor authentication (MFA), can help mitigate this risk. But even MFA can fall victim to man-in-the-middle attacks (MITM), whereby a third party intercepts data between two parties who believe they are communicating with each other.
The sheer amount of software used in EVs — including CAN (Controller Area Network) bus communications, the car”s central electronic control unit (ECU), and the vehicle’s internal network — means there are many potential vulnerabilities. Software engineers are working to improve the quality of code used in these technologies, but they face significant challenges.
On one hand, they’re under pressure to meet deadlines — and sometimes they sacrifice the quality of the code to do so. On the other hand, software engineers are not always given the resources they need, such as sufficient time, money, and resources. This can lead to shortcuts that may introduce vulnerabilities. Another challenge that must be overcome is the high rate of change. New features are being added and removed all the time, which makes it difficult to maintain the code and keep bugs from slipping through the cracks.
Cybersecurity Recommendations for Electric Vehicles
As EVs are becoming increasingly mainstream, it’s important to recognize the cybersecurity challenges they present and take steps to mitigate the potential risks. Here are three recommendations to keep in mind:
- While there is no “silver bullet” when it comes to cybersecurity, there are several best practices that can help improve the security of EVs. These include using strong, unique passwords; designating someone within the organization to be responsible for cybersecurity; and implementing a cybersecurity incident response plan.
- To avoid the MITM attacks mentioned above, engineers can use TLS encryption. They should also consider implementing end-to-end cryptography, particularly when transmitting sensitive information. And, last but not least, engineers should consider designating one network for internal communications and another for external-facing communications.
- In addition to implementing these best practices on the device level, engineers also need to think about network security. This includes securing the servers that host the device’s software, as well as the data center where this software is stored.
Electric vehicles present a new set of cybersecurity challenges. The sheer volume of data that these connected vehicles generate, along with the dependence on software, means that EVs create more potential entry points for hackers. To mitigate these risks, engineers need to improve their code quality, implement strong authentication processes, and apply cybersecurity best practices across their organizations.