After a person was able to gain access to an Electrify America charger via a loophole, EV owners are raising concerns about the system’s potential security deficiencies. With vehicles and charging stations becoming more connected, cybersecurity risks in the EV space have been on the rise. In 2020, a security researcher exploited a vulnerability in a Tesla Model X that could unlock the SUV in 90 seconds. Although the hack demands experience and hardware, it raises concerns about vehicle safety.
Electrify America is already under scrutiny for bricking some EVs, and it now appears that its chargers are easy targets for cyber criminals. Twitter user The Kilowatts was able to gain access to an Electrify America charger in Kettleman City, and even posted a couple of videos showing how easy it was to breach the chargers’ security network. The first video shows the Electrify America charger’s screen displaying an image of a red Tesla Model 3. The second video shows how The Kilowatts was able to take control of the Electrify America charger using the simple TeamViewer app.
EV Charging Infrastructure Needs Better Security
While the potential damage depends on the hacker's level of experience, The Kilowatts' posts has attracted its fair share of responses. Twitter user CapnSpike_IRL, who claims to be a Wi-Fi and network expert, says that the ability to remotely access a charger comes with a suite of risks, including the possibility of credit card information being accessed. In a subsequent tweet, the same user said that he had seen an Electrify America charger display the Windows desktop, and was able to reboot the machine to access the charger.
After the incident, Teslarati reached out to Electrify America for a statement, which responded saying “Intentionally accessing a computer system without authorization can be a serious crime and may incur civil liability as well. We continue to investigate these events and intend to protect ourselves and our customers.” Following this, The Kilowatts made another visit to the same charging station and found that the affected charger was made unavailable for use. However, he also spotted a different charger displaying an active debugging session on the screen.
While it's true that more chargers are needed to manage queues at charging stations, charging providers will need to prioritize the safety of customer data with better security protocols. Beyond remotely starting an EV or stealing personal data from chargers, hackers can sabotage the grid and cut off access to drivers. It's only a matter of time before malicious actors begin exploiting loopholes in nationwide charging networks like Electrify America's.
Source: The Kilowatts/Twitter 1, 2, 3, CapnSpike_IRL/Twitter, Teslarati
Gloss