Electric vehicle charging stations 'easy' to attack, says new research
'Everyone seems to forget they are connected to infrastructure — to the energy grid'
How much do you know about the electric charging station where you plug in your electric vehicle?
New research at the University of Windsor is looking at security vulnerabilities of charging stations — not only could your payment information be stolen, but the electricity grid could be compromised too.
Mitra Mirhassani, an engineering professor, said not enough is being done when it comes to security of these stations.
"Most of the charging stations are placed wherever a company sees convenient," said Mirhassani. "These can be insecure roads and parking lots. Everyone seems to forget they are connected to infrastructure — to the energy grid."
Mirhassani said if there was to be an attack on that energy infrastructure, there would be a lot of issues that couldn't be fixed quickly.
"We realized that if we introduced hardware modifications, then you could, without the knowledge of the programmer, cause artificial intelligence to respond differently than expected," said Mirhassani. "The programmer might not even realize there are changes made to the AI."
Chargers can be attacked in several points — payment, hardware, charging ports — and Mirhassani said they could be considered an "open gate" for hackers.
According to Mirhassani, if the chargers were compromised they could steal energy from the grid, which would cause imbalance in the network.
"That would cause problems for the city, for smart buses ... it would cause a lot of misreadings and misrouting," said Mirhassani.
A compromise to the payment system would release all the financial information of anyone who has used that station.
Mirhassani recently received $640,000 from FedDev Ontario for her research. While the grant is only for a two-year period, she hopes to get more funding in the future.
According to Mirhassani, there are only a few protections in place for the energy grid right now.
"It's rather easy to attack [charging stations]," said Mirhassani.
'Not concerned or wary yet,' says EV Society chapter president
While Mirhassani will continue her research into security vulnerabilities presented by electric vehicle charging stations, the president of the Electric Vehicle Society's Windsor-Essex chapter says he's "not concerned or wary yet."
Pino Mastroianni, owns and drives two electric vehicles and is not involved in the current research at the University of Windsor. He said he typically charges his vehicles at home. When he's out on the road, he relies on charging stations provided by ChargePoint and Flo.
"I see the potential there, but I haven't heard of any circumstance of it happening yet," said Mastroianni, adding that he also hasn't heard any concerns about charging stations by EV owners and enthusiasts through word of mouth.
"I'm thinking the likelihood is low right now."
Mastroianni explained that most paid EV charging stations don't process payments directly at the terminal. Instead, users access chargers through a FOB, smartphone or through proximity sensors.
"Your payments method is on file on the databank for the company that controls the public chargers," he said. "So you're not really transferring your payment methods when you're accessing a charging network — they're just accessing your membership account information and the payments are being done in the background."
He said he believes it's more likely that users personal information — like credit card details — could be stolen by hacking databanks.
"That can happen with any retailer that you're associated with, whether a box store or whether it be an online retailer," said Mastroianni.
He said that users are more likely to get hacked by using public Wi-Fi.
"You should have a good, strong password to use your network," he said.
At the same time, Mastroianni pointed out that not all EV charging stations are connected to the internet. Instead, some simply provide an outlet and "they're free to use."
"Some DC fast chargers do take credit card payment directly, as you would at a gas pump," he said. "I'm sure those risks are similar to using a gas pump."
With files from Afternoon Drive and Angelica Haggert