Hackers exploit vulnerabilities in charging infrastructure, vehicle software, and grid connectivity to threaten driver safety, data privacy, and energy systems. Recent research reveals systemic weaknesses across the EV ecosystem, from unsecured internet-connected charging stations to flaws in over-the-air update systems, raising urgent questions about automotive cybersecurity preparedness as the industry scales toward mass electrification. EV charging stations, particularly public fast-charging networks, contain critical vulnerabilities that could enable grid destabilization, data theft, and vehicle compromise. With researchers demonstrating inexpensive tools capable of hijacking charging sessions and young hackers remotely compromising EV fleets, the time for reactive security measures has passed. Researchers have demonstrated how power line communication flaws in DC fast-chargers enabled “adversary-in-the-middle” attacks, intercepting authentication keys and manipulating charging parameters. Researchers have demonstrated how hackers could chain vulnerabilities in infotainment systems to gain root access to safety-critical systems like braking and steering. The open-source charging firmware used in commercial stations worldwide has contained critical vulnerabilities that allowed remote code execution through insecure protocol implementation. Most manufacturers treat data security as an afterthought, with vulnerabilities in telematics systems that could leak real-time location data and authentication credentials. Breaches of automotive backend systems have revealed how compromised API keys could remotely unlock doors, start engines, and manipulate emergency vehicle lights. The fragmented regulatory environment complicates vulnerability disclosure, with researchers reporting long delays in patching critical firmware flaws in charging equipment. EVs generate massive amounts of data hourly, including detailed driver behavior patterns, charging histories, and biometric information from cabin sensors. Researchers have demonstrated how compromised infotainment systems could deploy ransomware across vehicle fleets. Studies have found that many tested stations lacked basic network segmentation, allowing attackers to pivot from payment systems to energy management controls. Experts note a convergence of IT and automotive security failures, where attackers no longer need physical access- a vulnerable OTA update server or third-party app integration can provide complete vehicle control. Similar exploits have enabled researchers to jailbreak vehicles, bypassing paywalls for premium features while exposing driver geolocation data and authentication tokens.
This Cyber News was published on cybersecuritynews.com. Publication date: Wed, 14 May 2025 11:30:02 +0000