Sponsored

The Major Problem With EVs No One Is Talking About

Wolf Man

Well-known member
First Name
Brad
Joined
Jul 7, 2020
Threads
12
Messages
348
Reaction score
44
Location
Silver State
Vehicles
2021 F150 Lariat
Occupation
Retired
The Major Problem With EVs No One Is Talking About
By Irina Slav - Sep 07, 2021, 7:00 PM CDT

https://oilprice.com/Energy/Energy-General/The-Major-Problem-With-EVs-No-One-Is-Talking-About.html

Ford F-150 Lightning The Major Problem With EVs No One Is Talking About 2021-09-07_uw1kqfthaa


When GM earlier this year started recalling Bolts, it issued a warning to owners of the EV: don’t charge your car battery to 100 percent. Normally, this would be easy enough to do. But what if your charger got hacked?

Last year, researchers from the Southwest Research Institute in Texas successfully hacked the most popular charging system used in North America. The hack limited the charging rate, then blocked charging, and then overcharged the battery. The reason for the hack: “This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade,” according to lead researcher Austin Dodson.

Mission accomplished.

Earlier this month, UK cybersecurity firm Pen Test Partners said that it had found cyber vulnerabilities in six home EV chargers and a large public charging network. Some of the vulnerabilities were no small potatoes.

Among the findings of Pen Test Partners was a vulnerability that could potentially make possible the hacking of millions of EV chargers simultaneously and another that exposed user and charger data for the hacker to use.

Perhaps the most dangerous vulnerability that the cybersecurity experts uncovered, however, was the possibility for a hacker to take control over millions of chargers.


“As one could potentially switch all chargers on and off synchronously, there is potential to cause stability problems for the power grid, owing to the large swings in power demand as reserve capacity struggles to maintain grid frequency,” the firm said.

EVs have been touted as the future of transportation. Governments in Europe and North America are allocating billions in financing that focuses precisely on public charging networks. Yet, there is little talk about the cybersecurity implications of having a huge network of hundreds of chargers that can be hacked.

Public chargers are the riskiest, it seems. While one could hack a home charger, they would only gain access to that device and possibly the home network of that household. If they hack a public charger, they could gain access to the whole network, explains Baksheesh Singh Ghuman, Senior Director of Product and GTM Strategy at Finite State, a cybersecurity firm that specializes in connected devices.

Gaining access to data is one risk associated with the vulnerabilities of EV chargers. Another is even more straightforward: electricity theft. If a hacker breaches a public charger, they could siphon electricity off it and make someone else pay, says Singh Ghuman.

Attacks on home chargers can be serious, too, despite their much more limited focus. Since both EVs and EV chargers are connected devices, hacking the charger could grant the attacker access to things like passwords and other credentials.

And that’s not even the worst that can happen.

“Threat actors can also gain control of the electric vehicles themselves, which includes control over steering, brakes, acceleration, and other functions which could result in an accident,” Singh Ghuman told Oilprice. “They would have the ability to listen in on phone conversations held within the car and steal personal data from the vehicle’s connected network too.”

Everything is hackable, cybersecurity experts have warned repeatedly, from a corporate computer system to a pacemaker. And cybercriminals are often ahead of their opponents in the game of cat and mouse, forcing governments and cybersecurity service providers to often catch up.

Luckily, in the wake of the latest massive hack attacks in the U.S., action is being taken. A recent executive order by President Biden will oblige manufacturers of hackable equipment to start implementing more stringent cybersecurity standards, Singh Ghuman says. It is important to act preemptively and remove as many vulnerabilities as possible as early as possible.

A lot of hopes are being pinned on electric vehicles as a crucial element of the low-carbon economy of the future. Automakers are spending billions on their shift to EVs, and one could only hope some of that money is being spent on guaranteeing the cybersecurity of the vehicles. It should be, given how much is at stake. And with carmakers already aware of the challenges they face in promoting their EV models as the better cars, they need to be exceptionally wary of the possibility that the hackability of an EV could very well become a monumental issue alongside range anxiety.

Chargers are even more important. If a hacker can make several hundred chargers switch on and off when the hacker tells them to, that becomes a problem for the grid. And if a larger-scale attack can be launched, the situation would become a lot more serious.

There are already concerns about the addition of millions of EVs to city grids that were not built for this sort of electricity demand. Investments in the upgrade of grids so it can take the additional demand are seen at between $1,630 and $5,380 per EV, according to Boston Consulting Group. And that’s for EV penetration rates of 10-20 percent. The more EVs are added, the more money will need to be spent to keep the grid stable.

The EV revolution is becoming a challenging endeavor in more aspects than one. The cybersecurity theme needs to be at the center of the EV discourse. The threats might be potential for now but let’s remember: everything can be hacked.

By Irina Slav for Oilprice.com
Sponsored

 

GarageMahal

Well-known member
First Name
JT
Joined
Jun 3, 2021
Threads
26
Messages
626
Reaction score
675
Location
Minnesota
Vehicles
2023 Lightning XLT SR; 2003 Mercury Marauder (For Sale)
Occupation
Data Wrangler
Last edited:

metroshot

Well-known member
First Name
Pat
Joined
Aug 26, 2021
Threads
97
Messages
2,127
Reaction score
1,747
Location
Montclair, CA
Vehicles
2022 Lariat F150L + 2023 MME
Occupation
Networking Tech
My L2 EVSE charger does not connect to the Internet - it only connects to my house power and that's how I charge my car every night.

Mine is a "dumb" charger best suited for those that are not tech security conscious...
 

Sgt Beavis

Well-known member
First Name
Rick
Joined
May 20, 2021
Threads
5
Messages
246
Reaction score
220
Location
Colorado
Vehicles
2021 Wrangler Rubicon and 2018 Mini Cooper S Count
Occupation
overpaid computer nerd.
Imagine if the billing system of an oil pipeline was compromised!

DOH!!!

However, that being said, it didn't result in any cars bursting into flames. Hacking a home charger could potentially lead to something like that.

It's a problems throughout the IoT (Internet of Things) industry. Thermostats, location tags, refrigerators, TVs, etc., etc., etc. could be hacked. That's why it's more important than ever to keep your home network as secure as possible.
 

Sponsored

shutterbug

Well-known member
First Name
Joseph
Joined
May 20, 2021
Threads
7
Messages
1,242
Reaction score
1,220
Location
Phoenix
Vehicles
MME GB FE—Dead. F150L Lariat SR. MME Rally.
However, that being said, it didn't result in any cars bursting into flames. Hacking a home charger could potentially lead to something like that.
Please explain how. They only thing a hacker can do to the home charger is reduce rate of charging or stop charging altogether. How will that cause the garage inferno?
 

Vulnox

Well-known member
First Name
Bob
Joined
Mar 19, 2021
Threads
1
Messages
342
Reaction score
184
Location
Livonia, MI
Vehicles
2021 F-150 Lariat 502A, 3.5L PowerBoost
Yeah this article loses A LOT of credit by saying they are hacking chargers. They aren't hacking chargers. They are hacking the EVSE. The charger is onboard the car and it determines whether or not to allow the EVSE to supply power to the car. While I don't discount that someone could somehow force a Mach E to take more charge than it should, it would have to happen on the car side, not the EVSE side.

So I have to wonder if they actually got an EVSE to somehow overcharge an actual EV battery, or are just saying you could because they don't understand the technology.

It would be FAR easier to "hack" a gas station pump to do most of the same thing, stop pumping, increase pressure, only thing you probably can't do is override the stopping of the pump since it's a mechanical action, as far as I know at least. The same deal applies to EVs, much like the gas pump handle has a lever that allows you to stop the flow if needed, the car itself determines when the electrons stop flowing. The EVSE is NOT a charger, it is simply a communication device between the car's onboard charger and the power grid.

The rest, getting user info and that, is just as possible from those that are signed up at Mobil or Exxon gas stations for their loyalty programs. What a dumb, dumb claim. The article reeks of bias and somewhere along the line I bet an oil company cash kickback is involved.

EVs have safety concerns, and some are unique compared to their ICE brethren. But Teslas have been kicking around for a decade, Ford has had EVs for a decade, and hacking is as old as the internet. Yet aside from this puff piece there haven't been any known instances of this happening. But in the time it took me to write this, there will have been at least one ICE vehicle fire somewhere in the US, one of the over 100k that occur every year. Doesn't even require hacking.
 

shutterbug

Well-known member
First Name
Joseph
Joined
May 20, 2021
Threads
7
Messages
1,242
Reaction score
1,220
Location
Phoenix
Vehicles
MME GB FE—Dead. F150L Lariat SR. MME Rally.
So I have to wonder if they actually got an EVSE to somehow overcharge an actual EV battery, or are just saying you could because they don't understand the technology.
If they understood the technology, they wouldn't be writing for some newsletter.
 

MickeyAO

Well-known member
First Name
Mickey
Joined
Apr 2, 2020
Threads
25
Messages
1,036
Reaction score
1,986
Location
San Antonio Tx
Vehicles
Rapid Red Lightning Lariat ER, Kia EV6 GT-Line AWD
Occupation
Retired Lab Manager of the Energy Storage Technology Center
The Major Problem With EVs No One Is Talking About
By Irina Slav - Sep 07, 2021, 7:00 PM CDT

https://oilprice.com/Energy/Energy-General/The-Major-Problem-With-EVs-No-One-Is-Talking-About.html

2021-09-07_uw1kqfthaa.jpg


When GM earlier this year started recalling Bolts, it issued a warning to owners of the EV: don’t charge your car battery to 100 percent. Normally, this would be easy enough to do. But what if your charger got hacked?

Last year, researchers from the Southwest Research Institute in Texas successfully hacked the most popular charging system used in North America. The hack limited the charging rate, then blocked charging, and then overcharged the battery. The reason for the hack: “This was an initiative designed to identify potential threats in common charging hardware as we prepare for widespread adoption of electric vehicles in the coming decade,” according to lead researcher Austin Dodson.

Mission accomplished.

Earlier this month, UK cybersecurity firm Pen Test Partners said that it had found cyber vulnerabilities in six home EV chargers and a large public charging network. Some of the vulnerabilities were no small potatoes.

Among the findings of Pen Test Partners was a vulnerability that could potentially make possible the hacking of millions of EV chargers simultaneously and another that exposed user and charger data for the hacker to use.

Perhaps the most dangerous vulnerability that the cybersecurity experts uncovered, however, was the possibility for a hacker to take control over millions of chargers.


“As one could potentially switch all chargers on and off synchronously, there is potential to cause stability problems for the power grid, owing to the large swings in power demand as reserve capacity struggles to maintain grid frequency,” the firm said.

EVs have been touted as the future of transportation. Governments in Europe and North America are allocating billions in financing that focuses precisely on public charging networks. Yet, there is little talk about the cybersecurity implications of having a huge network of hundreds of chargers that can be hacked.

Public chargers are the riskiest, it seems. While one could hack a home charger, they would only gain access to that device and possibly the home network of that household. If they hack a public charger, they could gain access to the whole network, explains Baksheesh Singh Ghuman, Senior Director of Product and GTM Strategy at Finite State, a cybersecurity firm that specializes in connected devices.

Gaining access to data is one risk associated with the vulnerabilities of EV chargers. Another is even more straightforward: electricity theft. If a hacker breaches a public charger, they could siphon electricity off it and make someone else pay, says Singh Ghuman.

Attacks on home chargers can be serious, too, despite their much more limited focus. Since both EVs and EV chargers are connected devices, hacking the charger could grant the attacker access to things like passwords and other credentials.

And that’s not even the worst that can happen.

“Threat actors can also gain control of the electric vehicles themselves, which includes control over steering, brakes, acceleration, and other functions which could result in an accident,” Singh Ghuman told Oilprice. “They would have the ability to listen in on phone conversations held within the car and steal personal data from the vehicle’s connected network too.”

Everything is hackable, cybersecurity experts have warned repeatedly, from a corporate computer system to a pacemaker. And cybercriminals are often ahead of their opponents in the game of cat and mouse, forcing governments and cybersecurity service providers to often catch up.

Luckily, in the wake of the latest massive hack attacks in the U.S., action is being taken. A recent executive order by President Biden will oblige manufacturers of hackable equipment to start implementing more stringent cybersecurity standards, Singh Ghuman says. It is important to act preemptively and remove as many vulnerabilities as possible as early as possible.

A lot of hopes are being pinned on electric vehicles as a crucial element of the low-carbon economy of the future. Automakers are spending billions on their shift to EVs, and one could only hope some of that money is being spent on guaranteeing the cybersecurity of the vehicles. It should be, given how much is at stake. And with carmakers already aware of the challenges they face in promoting their EV models as the better cars, they need to be exceptionally wary of the possibility that the hackability of an EV could very well become a monumental issue alongside range anxiety.

Chargers are even more important. If a hacker can make several hundred chargers switch on and off when the hacker tells them to, that becomes a problem for the grid. And if a larger-scale attack can be launched, the situation would become a lot more serious.

There are already concerns about the addition of millions of EVs to city grids that were not built for this sort of electricity demand. Investments in the upgrade of grids so it can take the additional demand are seen at between $1,630 and $5,380 per EV, according to Boston Consulting Group. And that’s for EV penetration rates of 10-20 percent. The more EVs are added, the more money will need to be spent to keep the grid stable.

The EV revolution is becoming a challenging endeavor in more aspects than one. The cybersecurity theme needs to be at the center of the EV discourse. The threats might be potential for now but let’s remember: everything can be hacked.

By Irina Slav for Oilprice.com
If you dig into the internal research article at Southwest Research Insititute, you will find my name in it. Feel free to ask me questions on the methodology and actual results from our Internal Research. While the articles are kind of spot-on about what was found, there are several nuances about the results, along with what we hope to test next.

This all started with an off-hand remark I made of how I would attack an EV to the 'White Hat hackers' I know from the Institute.
 

Sponsored

astricklin

Well-known member
First Name
Andrew
Joined
May 24, 2021
Threads
7
Messages
1,578
Reaction score
1,487
Location
Dallas
Vehicles
99 Mercury mountaineer
I'm much more concerned about major corporations failing to safeguard my personal information stored on databases (looking at you T-Mobile) than someone bothering to 'hack' onto an evse...what monetary gain is this going to provide unless they can install some sort of ransomware to try to get a payment out of me.

Now, someone trying to access blink, charge point, or EA to get credit card information I could see happening but if they are PCI compliant there should be little worry about that.
 

Maxx

Well-known member
Joined
Jul 15, 2021
Threads
38
Messages
1,866
Reaction score
2,142
Location
MD
Vehicles
23 Pro, Sky RL, Frontier, Aurora V8, Buicks, ....
I'm much more concerned about major corporations failing to safeguard my personal information stored on databases (looking at you T-Mobile) than someone bothering to 'hack' onto an evse...what monetary gain is this going to provide unless they can install some sort of ransomware to try to get a payment out of me.

Now, someone trying to access blink, charge point, or EA to get credit card information I could see happening but if they are PCI compliant there should be little worry about that.
May be not as much to worry about now but once we are at level 5. Chinese or Russians hacking to over the air updates for Tesla, Ford and GM ten years from now will not need nukes anymore because they will have an army of +3,000 lb robots across the country that can run over people and into buildings while setting themselves and other things on fire. Well, may be not as much of Chinese attack since in 10 years, they will own the EV market and won't want to mess with that.
 
Last edited:

Sgt Beavis

Well-known member
First Name
Rick
Joined
May 20, 2021
Threads
5
Messages
246
Reaction score
220
Location
Colorado
Vehicles
2021 Wrangler Rubicon and 2018 Mini Cooper S Count
Occupation
overpaid computer nerd.
Please explain how. They only thing a hacker can do to the home charger is reduce rate of charging or stop charging altogether. How will that cause the garage inferno?
I thought they said they were able to overcharge a battery as well. Isn't that part of the reason Chevy Bolts have been catching fire?
 

shutterbug

Well-known member
First Name
Joseph
Joined
May 20, 2021
Threads
7
Messages
1,242
Reaction score
1,220
Location
Phoenix
Vehicles
MME GB FE—Dead. F150L Lariat SR. MME Rally.
I thought they said they were able to overcharge a battery as well. Isn't that part of the reason Chevy Bolts have been catching fire?
The home charger has no way to over or under charge. That's controlled by the car. The "smart" chargers can set up the schedule, and nothing else.
 

MickeyAO

Well-known member
First Name
Mickey
Joined
Apr 2, 2020
Threads
25
Messages
1,036
Reaction score
1,986
Location
San Antonio Tx
Vehicles
Rapid Red Lightning Lariat ER, Kia EV6 GT-Line AWD
Occupation
Retired Lab Manager of the Energy Storage Technology Center
I thought they said they were able to overcharge a battery as well. Isn't that part of the reason Chevy Bolts have been catching fire?
They were able to charge over the limit set by the vehicle (that counted as a successful overcharge) but the BMS shut down charging when the cell voltage limit was reached.

My understanding on the Bolt is that the original cells are flawed and that flaw is coming about now, not a bad BMS allowing overcharging. That would explain some of the swelling I saw on the cell during our lithium plating testing.
Sponsored

 
 





Top