The security challenges of electric cars

We all understand that we must make the transition to electric vehicles which are powered by renewable sources if we are to achieve our global net zero goals. However, as we rush to put the infrastructure in place and invest in new electric vehicles, what are the new risks to which we might be exposed?

The switch to electric cars presents a number of new security risks. In this blog, we identify four of the key security challenges and suggest solutions to help you manage the risks.

1. Unauthorised control of the vehicle

The biggest fear and gravest risk associated with any vehicle with a degree of automated control must be control of the vehicle by unauthorised actors or compromised systems. A vehicle is, effectively, a lethal weapon, so the possibility of one being used by a malicious actor is worrisome.

It sounds like something out of a science fiction horror story but, in fact, there are numerous examples of hackers taking control of vehicles. In 2019, researchers hacked into Tesla vehicles and were able to unlock doors, open windows and disable security settings. Tesla isn’t the only manufacturer to be vulnerable to this type of attack: Mercedes-Benz, Ferrari and the vehicle systems GoldStar and OneStar have all proved to be vulnerable as well. In the latter case, the hackers were able to take control of law enforcement vehicles.

Against this type of attack, the onus lies firmly with the manufacturer to ensure that the right level of cyber security measures is in place and that cyber security vulnerabilities are proactively sought out and addressed.

2. Data privacy

An electric vehicle stores a great deal of information of a personal nature. Vehicle telematics produce data on the location and operation of the vehicle, as well as sudden acceleration and braking and trip histories. GPS navigation systems also record trip histories, and infotainment systems capture the driver’s voice commands and entertainment and music choices. The data collected by these systems includes personally identifiable information, which creates privacy and cyber security concerns. If these systems are hacked, the exposure of such data could cause serious privacy issues.

3. Facial recognition software presents an even greater privacy risk

In some electric car models, facial recognition software is used as part of the vehicle’s autopilot systems. An in-car camera captures biometric data and monitors facial and eye movement to measure the driver’s attention levels. In 2023, a class action lawsuit was filed in the USA against Tesla for violating the Biometric Privacy Act. The complainants argue that the loss, theft or misuse of facial recognition data is far more intrusive than other types of data breach: unlike a computer password, individuals can’t change their facial geometry. While the case is expected to set a precedent in the USA about the ramifications of misusing drivers’ data, it also highlights the need for exceptional data privacy and strong cyber security in electric cars which rely on facial recognition software and its supporting systems.

4. Insecure infrastructure

One of the ways that malware can find its way onto an electric vehicle is through the infrastructure to which the car is connected. This includes public and private charging stations and the third-party apps which electric car drivers use.

There have been cases in which charging stations were hacked and used to download malware onto a vehicle. In the Isle of Wight, hackers disrupted the charging service by displaying inappropriate content on the EV monitor and displaying high-voltage fault codes which prevented drivers from charging their vehicles.

In addition, interfaces and apps are potentially vulnerable to data theft and spoofing. For example, third-party payment software could be spoofed to capture drivers’ credit card or other payment information.

What can we do to improve the cyber security of electric cars? 

One of the problems facing the automotive industry is the lack of standardisation around electric vehicles and their infrastructure. As the technology matures, we can expect greater standardisation and the improved development of and adherence to standards and protocols which will make it possible to implement industry-wide protections and minimise the likelihood of inconsistencies and vulnerabilities.

From a driver’s point of view, maintaining connected vehicles so that systems, firmware and software are kept up to date is vital for ensuring that you have the latest security updates, fixes to address known vulnerabilities and the best cyber security protection. Over-the-air (OTA) updates are one way in which manufacturers are aiming to ensure that their electric cars have the latest features, bug fixes and security patches.
