More and more people are choosing electric cars, be it for reasons of innovation or for environmental reasons. But the ecological and technological advantages of electric vehicles come with new risks.
According to the Global Automotive Cybersecurity Report, threats against application programming interfaces (APIs) increased by up to 2022 percent by 380, accounting for 12 percent of all incidents. This also applies to the system design of electric cars. The safety of the drivers and the data that the vehicles generate are at stake. Like the perpetrators, the industry must act quickly to prevent these attacks.
Gateways to electric cars
1. Remote controlled vehicle hijacking
Suppose you are sitting at the wheel of an electric car and enjoying the ride in peace and quiet. Suddenly you lose control of the vehicle: it slows down, the steering wheel goes crazy, or the engine accelerates even though the accelerator pedal is not pressed. An invisible driver has taken control of the vehicle and you are at his mercy. The more electric cars are automated and networked, the more vulnerable they become to cyber attacks. Hackers with advanced knowledge can take remote control of a vehicle by exploiting vulnerabilities in the vehicle's electronic systems.
2. Threats at charging stations
This critical aspect often goes unnoticed, which is why only safe and trustworthy locations should be visited. Otherwise the following dangers lurk:
a) Charging process: If a user charges their electric vehicle, attackers could try to sabotage the process: manipulating the charging status, interrupting the charging process or even damaging the battery is conceivable, which could significantly shorten the vehicle's service life and increase maintenance costs. On top of that, hackers can set up fake charging stations with the aim of hacking vehicles into the connection or stealing collected data.
b) Data theft: Smart charging stations can collect important information such as payment details, charging behavior and locations traveled to. If these stations do not have adequate security measures in place, hackers could gain access to this data and misuse it for identity theft or financial fraud.
c) Malware on the street: Attackers could gain access to the charging station and use it to distribute malware to connected electric vehicles, giving them access to the vehicle's electronic systems.
d) Deceptive connections: Charging stations are connected to networks, meaning they are often linked to online payment systems. Denial of Service (DDoS) attacks could result in service interruptions and inconvenience to users.
3. Malicious disruption of connectivity
Autonomous vehicles rely heavily on communication with road infrastructure. These connections allow them to exchange information about traffic, weather and other driving factors. However, this dependency opens the door to cyber attacks, which can have serious consequences, as an attacker could cause the vehicles to make wrong decisions by manipulating data transmissions.
Protecting electric cars from cyber threats
To make electric vehicles resilient, it's important to keep software up to date, avoid public Wi-Fi networks, use strong passwords and check the vehicle for unusual behavior. Drivers should also report any problems to the manufacturer. When using charging stations, you should always check the authenticity of the station and use secure connections. Electric vehicle manufacturers should ensure that secure software is used, with security built into the software and hardware implementation from the factory, and the principle of least privilege applied to restrict access to the software used.
More at Checkpoint.com
About check point Check Point Software Technologies GmbH (www.checkpoint.com/de) is a leading provider of cybersecurity solutions for public administrations and companies worldwide. The solutions protect customers from cyberattacks with an industry leading detection rate for malware, ransomware and other types of attacks. Check Point offers a multi-level security architecture that protects company information in cloud environments, networks and on mobile devices, as well as the most comprehensive and intuitive “one point of control” security management system. Check Point protects over 100.000 businesses of all sizes.