Electric cars are one of today’s most closely watched and fastest-growing technologies, with adoption rates expected to skyrocket in the years ahead. While the U.S. Energy Information Administration (EIA) estimated there were around 57,000 electric vehicles on the road in 2010, sales from 2012 to 2020 are expected to total more than 1.8 million units, according to Pike Research. As battery-powered cars become more prevalent, the grid of charging stations is also growing to support them. However, these stations are poorly secured and require new development approaches to avoid a major infrastructure risk, according to security researcher Ofer Shezaf.
Need for connected systems
In a recent presentation at Amsterdam’s Hack in the Box conference, Shezaf highlighted the burden these charging stations place on an electrical grid. Due to their intense power demands, these stations will need to be connected to a smart grid as electric car use grows to avoid overloading local and even national power supplies. In France, where the government also anticipates as many as 2 million electric cars on the road by 2020, this issue is already being debated, according to Reuters.
“If it’s badly managed, it could prompt power surges, which would cost a lot in peak production, CO2 emissions and would also necessitate the construction of relatively costly infrastructure,” Olivier Grabette, head of R&D at French power grid RTE, told Reuters, adding that simultaneous charging could add as much as 3 to 6 gigawatts of demand during peak periods.
To enable smart grids, however, charging stations will have to be connected, which introduces the possibility that a hacker could abuse multiple stations at once, Shezaf said. He described the simplicity of physically accessing the equipment’s components and analyzing its firmware.
“Essentially a charging station is a computer on the street,” Shezaf said, according to Network World. “And it is not just a computer on the street but it is also a network on the street.”
In at least one model of charging station Shezaf studied, it was possible to configure the machine without any authentication beyond physically opening the box. Additionally, many stations are connected using RS-485 short-range communication networks, which have low bandwidth and high latency, making it easy to perform man-in-the-middle attacks. The potential for disrupting service at charging stations and, in a future with large numbers of electric cars, entire power grids, is significant.
“If somebody finds a way to confuse the smart car charging system, the denial of service can not only hit charging cars, but also the electricity system,” Shezaf said, according to Network World.
To prevent such situations from occurring, Shezaf recommended the industry adopt coding standards aimed at improving the security of charging stations. By taking the time to institute practices that strengthen the software security of these systems now, vendors can ensure that more serious issues do not arise in several years when electric cars are more prevalent. Using tools such as source code analysis software, manufacturers can ensure the embedded systems do not contain vulnerabilities and catch oversights that could expose stations to attackers.
Software news brought to you by Klocwork Inc., dedicated to helping software developers create better code with every keystroke.