The Major Problem With EVs No One Is Talking About

ShirBlackspots · Sep 9, 2021

This is more an internet connected car problem, and not an EV problem.

Whoosh · Sep 9, 2021

Maxx said:
May be not as much to worry about now but once we are at level 5. Chinese or Russians hacking to over the air updates for Tesla, Ford and GM ten years from now will not need nukes anymore because they will have an army of +3,000 lb robots across the country that can run over people and into buildings while setting themselves and other things on fire. Well, may be not as much of Chinese attack since in 10 years, they will own the EV market and won't want to mess with that.

" Well, may be not as much of Chinese attack since in 10 years, they will own the EV market and won't want to mess with that. " Um, don't they already hold trillions in America's debt, I don't think the 3klb robots are going to be necessary lol

Slappy McGee · Sep 14, 2021

MickeyAO said:
My understanding on the Bolt is that the original cells are flawed and that flaw is coming about now, not a bad BMS allowing overcharging. That would explain some of the swelling I saw on the cell during our lithium plating testing.

As a former Bolt owner I can confirm that yes, the cells in the Bolt pack had a manufacturing flaw that could cause what I believe they call "thermal runaway."

GM's initial mitigation was to limit charging since there seemed to be some correlation between too high a charge and thermal runaway and they launched a "interim fix" that basically just prevented charging beyond 90%.

Their "permanent fix" was also software based, and was supposed to "discover" if the pack was flawed and notify the operator/GM for a pack replacement. 2-3 (not sure of exact count since I stopped following this closely) caught on fire after the "permanent fix" and caused significant damage, so now as I understand it, the mitigation is "don't charge to full, park outside, don't charge at night/unsupervised and wait for use to replace tons of battery packs."

I liked the Bolt and have no complaints about GM doing a buyback on my vehicle with a fairly painless (other than waiting) process that got me into an F-150 Powerboost, but worry this has soured many people on EV ownership.

dhrandy · Sep 14, 2021

Most EVs can't be overcharged...

But you're telling me that no one can hack a gasoline vehicle parked in a garage to start and kill everyone in the house? Oh wait, no fumes with the EV. So there's a plus.

Squatch · Sep 14, 2021

There are some ridiculous aspects of the article, but it's almost like people forgot about sensational journalism since it took over the entirety of news outlets.

The point about Biden's EO is the most ridiculous, but I want to side-step any political discussion. Manufacturers have been allowed to coerce the public into "agreeing" to be spied on in a way they wouldn't even allow their spouse or significant other to do and in many ways is beyond human capability to monitor let alone prevent. As long as this paradigm exists and is supported by governance, massive and prolific vulnerabilities will persist. Protecting your PII, etc. isn't the companies' top priority. They're getting slaps on the wrist when they should be shut down or even locked up. Looking at Equifax now. Auto manufacturers will always have a backdoor into your connected vehicle whether it's an EV or not and that is exploitable, always.

Maybe, you could be so important that your vehicle gets hacked and you're the target of an assassination, but unlikely. I would be more concerned about a nationwide hacking of charging networks being used to destabilize the Grid in strategic places for nefarious purposes.

*Side note: I thought this was written by Irina Slavina at first... that's a crazy story.

LightningShow · Sep 14, 2021

This article is what we call FUD.

MickeyAO · Sep 14, 2021

LightningShow said:
This article is what we call FUD.

The article (and many others like it) was based on a paper released about an Internal Research (IR) project at Southwest Research Institute. If you can find the original report at SwRI.org, you will find my name as an author on the paper. I made an off-hand remark to a couple of friends (white hat hackers in another Division) on how I would try to attack EVs, which directly lead to the IR. I did not participate in the hands-on attack, but I had to review their process and data before I could approve the report.

I'm really hoping we get funding for the next IR on this where I have a couple of really diabolic ideas on what to do next with DCFC

If you have any questions about the actual paper (and how it differs from the news articles), please feel free to ask me.

Brian Head Yankee · Sep 15, 2021

It's a sign of the Youtubers these days. 99% of them aren't any different than the sensationalized newspapers at the checkout counter in the 80's. Its just presented in a different format. The challenge is to know when you are being had.

This thread is using the old playbook by saying it is a "major problem no one is talking about". FUD is the correct assessment. I was surprised that the author's hat isn't made out of tinfoil.

Diabolical! · Sep 15, 2021

The Major Problem With EVs No One Is Talking About

More like the minor problem no one is concerned about....

Vulnox · Sep 15, 2021

Diabolical! said:
The Major Problem With EVs No One Is Talking About

More like the minor problem no one is concerned about....

Yeah it's funny how those articles that say "No One is Talking About" skim the part where the reason is either:
A. It's not a real thing, or is so insignificant in terms of chance as to make it as much of a concern as checking the sky for comets every time you step outside.
B. People are talking about it, and quite a bit, they are just lying to get clicks. I see this one sometimes most often, usually when an article says "The major news networks won't tell you...", yet a five second google search shows every major network already ran a story on it.

I can't be mad at them though. They make those titles because they work on more people, and in general an article titled "Vehicle security is something we should pay attention to in an ever more connected future" would get 1/50th of the clicks and probably wouldn't have even become a post here as the OP would have skipped it too.

Reality of connected devices is before you worry about your car, you need to be worried about what is in your home. Cheap IIoT devices are present in most homes in the US, from smart bulbs or switches to smart assistants like Alexa or Google Home. I am not even talking about the manufacturers doing anything nefarious, the problem is that these devices often get the bare minimum of security and you invite them onto your home network. If you look up the recent history of bot nets and DDoS attacks, a lot of them are coming from IIoT devices that are taken over and used as the initiator of the attack. Even your smart lightbulb is capable of making constant DNS queries to a service and being one of a million other infected devices can cause trouble for the targeted service, and you won't even know.

It is made even worse by how difficult it is for the average person to put in basic safeguards for this. I have a Ubiquiti UDM-Pro gateway which allows me to segment my wireless network between a main and IIoT network and I have rules set up so devices on the main network can talk to the IIoT devices, but the IIoT devices can't see anything on my main network. The IIoT devices also have restricted DNS access, only getting what they need for their individual service.

Sorry it gets off topic, but also not. It's an issue beyond automotive, and we need to get more individuals in congress that aren't approaching triple digits in age to start getting a handle on this.

MickeyAO · Sep 16, 2021

MickeyAO said:
The article (and many others like it) was based on a paper released about an Internal Research (IR) project at Southwest Research Institute. If you can find the original report at SwRI.org, you will find my name as an author on the paper. I made an off-hand remark to a couple of friends (white hat hackers in another Division) on how I would try to attack EVs, which directly lead to the IR. I did not participate in the hands-on attack, but I had to review their process and data before I could approve the report.

I'm really hoping we get funding for the next IR on this where I have a couple of really diabolic ideas on what to do next with DCFC

If you have any questions about the actual paper (and how it differs from the news articles), please feel free to ask me.

Here is the official link from the Institute about the IR
SwRI hacks electric vehicle charging to demonstrate cybersecurity vulnerabilities | Southwest Research Institute

LightningShow · Sep 18, 2021

MickeyAO said:
The article (and many others like it) was based on a paper released about an Internal Research (IR) project at Southwest Research Institute. If you can find the original report at SwRI.org, you will find my name as an author on the paper. I made an off-hand remark to a couple of friends (white hat hackers in another Division) on how I would try to attack EVs, which directly lead to the IR. I did not participate in the hands-on attack, but I had to review their process and data before I could approve the report.

I'm really hoping we get funding for the next IR on this where I have a couple of really diabolic ideas on what to do next with DCFC

If you have any questions about the actual paper (and how it differs from the news articles), please feel free to ask me.

Is your conclusion that the security vulnerabilities are *worse* than any number of other types of infrastructure, consumer appliances, automobiles, etc., etc. or that it's just something we should consider along with all of those other things?

MickeyAO · Sep 18, 2021

LightningShow said:
Is your conclusion that the security vulnerabilities are *worse* than any number of other types of infrastructure, consumer appliances, automobiles, etc., etc. or that it's just something we should consider along with all of those other things?

We used a man-in-the-middle for this attack...eventually, the components will be small enough to hide, but for now we would not be able to pull this off on an unsuspecting person.

The signal control is extremely simplistic, using a PWM signal to control the current levels.

Bottom line? This was just a way to get us started looking for attack vectors at EVSE and EVs in general, and I am not personally concerned about this happening to me.

LightningShow · Sep 18, 2021

MickeyAO said:
We used a man-in-the-middle for this attack...eventually, the components will be small enough to hide, but for now we would not be able to pull this off on an unsuspecting person.

The signal control is extremely simplistic, using a PWM signal to control the current levels.

Bottom line? This was just a way to get us started looking for attack vectors at EVSE and EVs in general, and I am not personally concerned about this happening to me.

Thanks for the feedback, I'll check out the paper. I'm in the business of installing and managing EVs and EVSE so this is relevant to me professionally.

EaglesPDX · Sep 19, 2021

Squatch said:
I would be more concerned about a nationwide hacking of charging networks being used to destabilize the Grid in strategic places for nefarious purposes.

It was the gasoline supply that actually did get hacked causing gas shortages in NE. Where you have computerized controls you will get hacking, not really an EV issue.

The Major Problem With EVs No One Is Talking About

ShirBlackspots

Well-known member

Whoosh

Well-known member

Slappy McGee

Well-known member

dhrandy

Well-known member

Squatch

Well-known member

LightningShow

Well-known member

MickeyAO

Well-known member

Brian Head Yankee

Well-known member

Diabolical!

Well-known member

Vulnox

Well-known member

MickeyAO

Well-known member

LightningShow

Well-known member

MickeyAO

Well-known member

LightningShow

Well-known member

EaglesPDX

Well-known member

Similar threads