Charging piles frequently expose high-risk vulnerabilities, how to ensure the safety of charging infrastructure?

To protect the end-to-end security of NEV charging networks, personal and payment data, and even the power grid, coordination and commitment must be made throughout the NEV charging ecosystem.

As more countries move towards the point where there will be more electric vehicles than gasoline-powered vehicles, the global public and private sectors are urgently investing in tram charging facilities. Building such a robust and safe tram charging ecosystem will help ensure network availability and stability, provide drivers with a seamless charging experience and help achieve zero emissions.

On the one hand, the construction of electric car charging facilities is in full swing; On the other hand, the spread of charging facilities has also been accompanied by increased cyber-security risks, which cyber criminals have taken note of.

At present, the charging device of NEV itself has become a big target. Hackers can plant ransomware, hijack devices and display political or other offensive content on the prompt screen. According to the security of internal understanding, in recent years has appeared a number of vulnerability events.

In July 2021, the team of PenTestPartners studied six charging pile brands popular in Europe and the United States and found a series of software and hardware vulnerabilities of charging piles for NEV, which could lead to remote control of chargers and even further damage the stability of power grids.

In February 2023, the Saiflow team discovered a bug in some versions of the open charging point protocol OCPP that could lead to a remote shutdown of the charger or free charging.

Scope of vulnerability: beyond the charging pile and EV

As the EV ecosystem develops and the attack surface expands, the communications networks used to connect to the charging piles and their management systems, the personal data transmitted within those networks, the charging pile operators who collect fees, and the grid itself are all increasingly vulnerable. Specific risks include but are not limited to: 

Operation of the public charging network interruption, resulting in a lot of charging pile can't use and influence of traffic;

Hijack the charging pile network and use the charging pile as a broiler in large-scale distributed denial of service (DDoS) attacks;

Stealing customers' personally identifiable information (PII), including payment card information;

Fraudulent activities involving charging fees for electric vehicles;

Power grid interruption, resulting in power outage and equipment damage;

Damage the business reputation of electric vehicle charging service providers.

Security experts know that whenever digital communication is going on between any two points, there is always a potential vulnerability. When the EV is connected to the networked charging pile, the cascaded duplex communication between multiple computing devices will also be turned on synchronously -- between the vehicle and the charging pile, between the charging pile and the owner's mobile phone application, between the charging pile and the power grid, between the charging pile and the back-end management system, between the management system and the payment gateway, plus between the management system and the charging pile operator. The resulting massive attack surface is not hard to imagine.

To protect the end-to-end security of NEV charging networks, personal and payment data, and even the power grid, coordination and commitment must be made throughout the NEV charging ecosystem.