"EV Charging Infrastructure Offers an Electric Cyberattack Opportunity"

Cyberattackers and security researchers have begun focusing on Electric Vehicle (EV) charging infrastructure security vulnerabilities. Researchers from the energy-network cybersecurity company Saiflow uncovered two vulnerabilities in the Open Charge Point Protocol (OCPP) that could be exploited for Distributed Denial-of-Service (DDoS) attacks and the theft of sensitive data. The Idaho National Laboratory discovered that every EV charger it examined, also known as Electric Vehicle Supply Equipment (EVSE), was running outdated versions of Linux, had unnecessary services, and allowed many services to run as root. According to the study, other potential problems include Adversary-in-the-Middle (AitM) attacks and Internet-exposed services. When Russia invaded Ukraine a year ago, hacktivists infiltrated and disabled EV charging stations near Moscow to demonstrate their support for Ukraine. According to JD Power, EVs accounted for 5.8 percent of all vehicles sold in the US in 2022, up from 3.3 percent in the previous year. The US Department of Energy (DOE) reported that nearly 51,000 Level 2 and DC Fast charging stations are now available in the US, with the capacity to charge 130,000 vehicles simultaneously. This article continues to discuss the growth in EV charging infrastructure and the vulnerability of this infrastructure to cyberattacks.

Dark Reading reports "EV Charging Infrastructure Offers an Electric Cyberattack Opportunity"