University of Texas at San Antonio researcher Elias Bou-Harb is making strides alongside a global team in identifying the cybersecurity vulnerabilities of electric vehicle charging stations.
Bou-Harb, director of UTSA's Cyber Center for Security and Analytics, recently worked with four fellow researchers to perform a security analyses of 16 electrical vehicle charging managing systems, separately examining categories like mobile, firmware and web apps.
The team of researchers also included Claud Fachkha of the University of Dubai and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University in Montreal.
“Electrical vehicles are the norm nowadays. However, their management stations are susceptible to security exploitations,” said Bou-Harb, who is also an associate professor in the Carlos Alvarez College of Business' Department of Information Systems and Cyber Security.
According to the Pew Research Center, 1.8 million electric vehicles were registered in the United States as of 2020. Built into their systems are internet-based functions like remote monitoring and customer billing. Internet-enabled electric vehicle charging stations perform many of these same functions.
Bou-Harb said that he and his colleagues wanted to uncover security weaknesses and their impact on electrical vehicles and the smart grid, with an eye toward sharing findings and providing recommendations so the industry could take proactive preventative security measures.
The team was able to uncover a number of cybersecurity vulnerabilities and highlighted some of the most prominent ones, including missing authentication and cross-site scripting. The team found that if a cyberattacker were to exploit these vulnerabilities, they could pose as users and access user data or manipulate the firmware itself.
According to the researchers' white paper study, they also wanted to focus on the long-term impact such an attack could have not only the charging station and its user but also on the connected power grid, which could be susceptible to a mass attack.
In order to avoid such attacks, they offered a number of practical suggestions and countermeasures. They suggested that developers of electric vehicle charging stations must create secure-by-design systems, finding vulnerabilities in product development stages and patching known issues. Developers can also implement systems that require the electric vehicle's operator to approve any requested changes to charging schedules, so an adversary could not take control of the charging system without a user's express approval.
Bou-Harb and his colleagues also recommended that power grid operators regularly monitor charging schedules of all connected charging stations for early detection of any abnormal activity, possibly through machine learning models that can monitor charging records gleaned from the data streams of charging station start meters.
They also recommended that charging station users make sure to change default credentials set up on the charging station's firmware and set up remote authentication methods, as well as configure a firewall that only allows connections between known parties.
