EV charging stations could be a target for hackers

May 16, 2022

A UM-Dearborn doctoral student is working to prevent charging infrastructure from becoming a new way to attack electric vehicles, the grid or your bank account.

A collage graphic showing an electric vehicle connected to an EV charger, with transmission lines in the background, flanked by cybersecurity icons.
Graphic by Violet Dashi

Electric vehicles appear to be finally hitting their stride. Six major auto companies, including Ford and GM, are now planning to completely phase out manufacturing of gas-powered vehicles in favor of EVs by 2040. In Europe and China, sales are on a tear; in the former, sales have spiked 60 percent since 2016, and Norway may be on track to completely end sales of new gas vehicles by 2025. Even in the U.S., where electric vehicles have been slow to catch on, sales nearly doubled last year. As with the adoption of any new technology, expect some growing pains. In particular, consumers continue to have anxiety about vehicle range, and state and federal governments have been slow to build adequate fast-charging infrastructure to ease their concerns. UM-Dearborn electrical engineering doctoral student Mansi Girdhar says we should also have our eye on the potential cybersecurity risks from EVs. The reason? Because EVs have to connect to electrical infrastructure to charge, they serve as a possible access point for hackers to infiltrate vehicle computer systems, steal our credit card information, and even launch a large-scale attack on the grid.

A headshot of doctoral student Mansi Girdhar
Doctoral student Mansi Girdhar

When Girdhar began searching for a topic for her dissertation research, she found lots of work on vehicle security and grid security, but interestingly, not that much on the potential weak link between the two. However, EV chargers, in many ways, are a perfect target for hackers. Because they’re so new, there aren’t universal standards for their manufacturing, let alone for their cybersecurity frameworks. And because they connect technologies that are so critical to our daily lives, they could be a beachhead for all kinds of attacks. In a best case scenario, a hacker might infiltrate a charging station, which typically have built-in payment processing systems, just to steal your credit card information. But in more serious cases, Girdhar says someone could use an insecure charging station to attack your vehicle, directly compromising its safety. In the worst case scenario, a compromised EV charger could even be used to launch an attack that cascades across the electric grid, causing power disruptions to millions of people.

Girdhar’s work is focusing on a couple important aspects of the problem. First, she’s taking a deep look at how charging stations actually connect to vehicles when they’re charging to suss out what kind of vulnerabilities exist. When you charge your EV, it typically involves several of your car’s on-board electronic components and controllers, which coordinate with each other using something called a Controller Area Network (CAN). It’s a communications system that’s vital to most modern cars and is thus preferred by the auto companies. “But the problem is, CAN is not very secure,” Girdhar says. Lots of work has been done, in fact, documenting how vulnerable these intra-vehicle networks can be, an area which Girdhar is now contributing to. By documenting the grid-charger-vehicle network’s most serious potential vulnerabilities, Girdhar says manufacturers and researchers can start coming up with better defense strategies. 

In fact, a second piece of Girdhar’s work is taking a look at that. “We’re actually not assuming that we can design a charger that is hack proof — we’re not trying to make it immune,” she says. “Instead, we want to be able to detect an attack as it’s happening, and identify what kind of attack, so we can then deploy the correct defense in real time.” To do this, Girdhar says they’ll be using an approach called anomaly detection. This involves using machine learning to develop a fingerprint of what normal computing activity looks like when a vehicle is charging, so the system can then identify when something appears out of the ordinary.

Girdhar says her research has also inspired a whole new path for her career. Her previous master’s work was in 5G wireless communications, but she’s liking this subject so much, she says her new goal is to pursue an academic career focusing on the cybersecurity of electric vehicles. With EVs charging into the future, we’re glad she’s part of the effort.


Story by Lou Blouin