Date: 2023-04-26

What if the charging stations of electric cars were hacked? It would be a tragedy according to a recent study by HWG, a leading company in the supply of advanced cyber security solutions: “Having control of a charging station – they explain at HWG – means being able to hack the user’s account and from there access the app with which he manages the refueling of his vehicle. And it doesn’t stop there. Having access to the app means being on your smartphone and being able to access all your data. The hypothesis that the user could find himself the victim of ransomware and be asked for a ransom to regain the availability of the device and its contents is not at all remote. However, it is not only the individual user who is at risk. The other device that can be hacked with an input from the pillar is the car itself. This leaves open the possibility of attacks on an EV manufacturer’s entire fleet, with massive damage. Obviously – the technicians conclude – we must not forget the risk borne by the energy company that guarantees the supply, which can end up with entire supply points blocked by ransomware and a ransom request potentially in the millions”.

This is a huge problem, given that Italy today has 41,173 charging points for electric cars. The dangers do not end there, however: payment is a transaction that takes place within an integrated system for collecting the amounts due. The preliminary step is the identification of the user at the charging column through an ID token, which often consists of an NFC (Near-Field Communication) card associated with a bank account. Payments are usually managed by a specific protocol, the Open Charge Point Protocol, which regulates communications between the integrated system and the charging point. The charging point sends the system the request to identify the user; the system accepts and replies to the charging point, which is then ready to provide the service.

The scheme is extremely simple compared to other types of payment, especially banking ones, and according to HWG research it has several critical points, starting with the NFC cards, whose data may not be encrypted. This is a remote possibility, since the use of DES encryption for this type of object is increasingly widespread; however, it remains a possibility to be taken into consideration. “Much less remote – they say at HWG – is the risk associated with the OCPP (Open Charge Point Protocol), the standard for charging stations. It is an open protocol, particularly exposed to attacks of the Man-in-the-Middle (MitM) type, during which the attacker places himself at the center of the communication between two entities, in this case the charging station and the integrated system, to intercept the data flow. It is therefore clear what type of danger faces the data of the user who enters the coordinates of their bank account in the column using the NFC card”.
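The identification exchange described above, sketched as an added example that is not part of the HWG study or of any vendor's code. It assumes the OCPP 1.6 JSON-over-WebSocket framing; the station ids, hosts and idTag are constructed. It shows which fields are readable on a link without TLS and flags stations whose backend URL is not `wss://`.

```python
import json
from urllib.parse import urlparse

CALL, CALLRESULT = 2, 3  # OCPP-J message type ids

def authorize_request(msg_id: str, id_tag: str) -> str:
    """Frame the charge point sends after the card is presented."""
    return json.dumps([CALL, msg_id, "Authorize", {"idTag": id_tag}])

def authorize_response(msg_id: str, status: str) -> str:
    """Frame the central system sends back."""
    return json.dumps([CALLRESULT, msg_id, {"idTagInfo": {"status": status}}])

def exposed_fields(frame: str) -> dict:
    """What anyone on the path can read from a frame sent without TLS."""
    msg = json.loads(frame)
    if msg[0] == CALL:
        return {"action": msg[2], **msg[3]}
    if msg[0] == CALLRESULT:
        return dict(msg[2])
    return {}

def audit_endpoints(stations: dict) -> list:
    """Return the station ids whose backend URL is not TLS-protected (wss)."""
    findings = []
    for station_id, url in sorted(stations.items()):
        if urlparse(url).scheme.lower() != "wss":
            findings.append(station_id)
    return findings

# Constructed inventory: station id -> central-system URL (hypothetical hosts).
STATIONS = {
    "CP-001": "ws://csms.example.invalid/ocpp/CP-001",
    "CP-002": "wss://csms.example.invalid/ocpp/CP-002",
    "CP-003": "WS://10.0.0.5:9000/ocpp/CP-003",
}

if __name__ == "__main__":
    req = authorize_request("19223201", "04A1B2C3D4")  # constructed idTag
    res = authorize_response("19223201", "Accepted")
    print("charge point -> system:", req)
    print("system -> charge point:", res)
    print("readable on a plaintext link:", exposed_fields(req))
    print("stations to move to wss://:", audit_endpoints(STATIONS))
```
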

Okay, but how can you defend yourself against possible cyber attacks? The solutions proposed by the cyber super policemen are a bit distressing, not least because they recommend charging as much as possible at home or at work, updating the app in real time and keeping sensitive information such as service access data in well-protected places, perhaps on storage devices other than computers, smartphones and the cloud, to be opened only when you are not connected to the network. So we motorists can do very little.