27 September 2023

EV charging stations can be hacked

Start the conversation

Ioanna Lykiardopoulou* says researchers have identified potential cyberattacks and countermeasures.


As the number of EVs on the streets grows, so does the number of electric vehicle charging stations (EVCS) needed to juice them up — and along with them the number of the internet-connected managing systems within those stations.

These management systems offer an array of valuable capabilities like remote monitoring, scheduling, and user billing.

However, they come with a significant drawback: as with virtually every device connected to the internet, they’re prone to cyberattacks.

A team of researchers led by Elia Bou Harb, director of the University of Texas Cyber Center for Security and Analytics, wanted to explore the real-life implications of cyberattacks against EV charging systems, and how to utilize cybersecurity countermeasures to mitigate them.

With this aim in mind, the researchers assessed a body of 16 electric vehicle charging station managing systems (EVCSMS), including systems developed by globally recognised vendors.

Their evaluation identified the 13 most severe vulnerabilities across the EVCSMS’ firmware, mobile, and web apps, which could lead to eleven types of cyberattacks.

The types of potential cyberattacks

The team divided cyberattacks into three separate categories:

  1. Attacks against the EVCS
  2. Attacks against the user
  3. Attacks against the power grid

In the first scenario, the EVCS could be compromised so it would charge slower or not at all, display manipulated charging fees to customers, or have features disabled.

In the second scenario, attackers could get access to the users’ charging records and personal information.

This means that their data could be used for surveillance, blackmailing, identity theft, and payment fraud.

And in the third scenario, attackers could leverage a large number of compromised EVCSMS to either launch synchronized charging operations at the same time, or to reverse the electric flow back to the grid by increasing the discharging supply.

Both attacks destabilize the grid, which can lead to cascading failure.

Countermeasures against cyberattacks

During this project, the research team developed countermeasures to patch each individual vulnerability they found.

They also made several suggestions on suitable security measures, guidelines, and best practices developers can follow to mitigate the attacks.

Especially regarding the prevention of mass attacks to the power grid, the researchers recommend that patching existing vulnerabilities alone is not merely enough.

They highlight that developers need to also incorporate initial security measures during the manufacturing of the charging stations.

The team plans to continue analysing more charging stations in the future, and it’s also working with several industry partners to develop new security products that can protect vulnerable charging stations from exploitation.

You can find the research’s white paper on ResearchGate.

*Ioanna Lykiardopoulou is a writer at SHIFT. She likes the transition from old to modern, and she’s all about shifting perspectives.

This article first appeared at thenextweb.com.

Start the conversation

Be among the first to get all the Public Sector and Defence news and views that matter.

Subscribe now and receive the latest news, delivered free to your inbox.

By submitting your email address you are agreeing to Region Group's terms and conditions and privacy policy.