EV Charger Hacking Poses a ‘Catastrophic’ Risk

Caute_cautim · ‎07-07-2023

Hi All

EV Charging units appear to pose a catastrophic risk.

https://www.wired.com/story/electric-vehicle-charging-station-hacks/

"Instead of the businesslike welcome screen displayed on the other Electrify America units, this one featured a picture of President Biden pointing his finger, with an “I did that!” caption. It was the same meme the president’s critics started slapping on gas pumps as prices soared last year, cloned 20 times across the screen."

Take this with the Lithium battery fires and fumes now causing issues both on the road and at disposal sites.

This change over to electric vehicles is not well thought out - the mad dash for technology first once again, without realisation of the associated risks and ramifications.

Regards

Caute_Cautim

JoePete · ‎07-07-2023

I think part of the problem is business strategy trumping security. The desire to have these stations be advertising stations requires them to pull in outside content, that means vulnerable code and Internet connectivity, etc. It's seeing opportunity without acknowledging risk.

It's also the problem in the industry of not addressing the lifecycle of these vehicles and their batteries. Industry focus has been on energy density in order to sell the range of these things, but that range/technology comes with a consequence in terms of sourcing and eventually disposing of the batteries. Ultimately, whether you are talking security or sustainability, you can't have this target focus strategically. You have to look at the whole picture.

Early_Adopter · ‎07-07-2023

Yeah - they've certainly tried to pack a little too much functionality and extensibility in for charging systems.

The battery lifecycle is truly essential here as there isn't enough lithium for everyone who'd like to use it (you have mental health issues? Well, how sad, oh dear, never mind, I've got to send my Tesla roadster with all that Lithium to Spaaace!) and disposing of it poorly or worse still having the compromised charging station blow the batteries up like discount Stuxnet won't be good...

denbesten · ‎07-07-2023

The vulnerability is against the charger itself, not a malicious charger attacking the attached vehicle. Whew. For a moment I was envisioning the need to carry around my own charging brick, like I do for my phone.

More seriously, this does raise the question of how well the car defends its CAN bus from the data it exchanges (billing info, charging speed, duration, etc.) with the charging station. Input validation is important even on "internal APIs".

Will be interesting to see how the energy councils (NERC, ERCOT, etc.) respond. They are already concerned about attacks against their control infrastructure but a bad actor rapidly manipulating large-scale demand seems like a whole new risk. My guess, more big batteries.

Early_Adopter · ‎07-07-2023

Yeah - I'm just enjoying the ambiguity - naughty old Elon hiring NK hackers to force feed cars to much juice... hopefully the car just disconnects - like Apple products do when your cables are slightly worn to sell you more... I fixed my iphone 11 pro yesterday with a third party screen as i had dead keys, and settings won't shut up about it.

Anomaly detection was I understand very hard on CAN bus largely because of the limited memory and compute between them - I spoke to folk were using a host/nw integrity product to try to detect anomalies - but obviously that needs training etc - so you chuck some obnoxious critical system protection on there and well, it's all slow now, even if all you're doing is sort if NW IPS/IDSey, each component needs a certificate, and a signature... Flashback to flash traders complaining...

I think Mr Musk once he's popped Zuckerberg's roadster for beating him in the cage(Zuck's a literal machine, a terminator without it's personality) might turn his army of compromised Tesla charger against the enemies' batteries - I fondly hope that this is Jeff B - and that they need Richard Branson to mediate... 😛

Caute_cautim · ‎07-07-2023

@denbesten You mean like the new innovative Toyota batteries, which apparently have greater density, but have not officially been tested for explosive potential or ability to fry the whole vehicle, if the right conditions exist....

Regards

Caute_Cautim

denbesten · ‎07-07-2023

@Caute_cautim wrote:
@denbesten You mean like the new innovative Toyota batteries, which apparently have greater density, but have not officially been tested for explosive potential or ability to fry the whole vehicle, if the right conditions exist....

The other side of the equation. I was referring to protecting the electrical grid with the likes of the Hornsdale Power Reserve. The article observed that a bad actor given control of many chargers could potentially destabilize an entire country's electrical grid by simultaneously switching on/off thousands of chargers.

The issue with traditional generation (coal, nuclear) is that it takes tens of minutes to build up additional steam pressure to adapt to an increase in demand. Manageable if the ramp up is slow but rapid change risks physical damage to power plants -- similar to driving your car in the wrong gear. If this gets bad enough, plants will disconnect from the grid to "save themselves", potentially resulting in a grid-wide blackout.

This is akin to a distributed denial of service attack in the IT world, and the solution is similar -- develop short-term, highly-responsive capacity specialized for handling spikes.

Hornsdale in Australia was one of the first grid-scale batteries. Although originally envisioned to mask a local wind farm's intermittent generation, it ended up paying for itself in about 2 years by playing the spot-market, supplying electricity at a premium price to cover the lag between pouring more coal in the furnace and having more electricity come out. It worked so well at stabilizing the grid (and making money) that there are now dozens of grid-scale batteries in Australia.