Could electric car charging station vulnerabilities threaten the smart grid and hackers crash the grid?

Could “hackers” abuse electric car charging stations to crash the grid because of smart grid features?  That piece of fearism was presented recently at a security conference, and while the researcher laid out several plausible attack routes, he didn’t demonstrate a working attack.

The basic idea is that electric cars and electric car charging stations either have, or will in the near future have, “smart grid” features.  The purpose of those features is to let electrical utility companies send out signals to, for example, ramp down the charge rate if needed to maintain grid stability.

The presentation was made by Ofer Shezaf, product manager security solutions at HP ArcSight.  He outlined a long list of possible attack scenarios in which an evildoer could subvert a charging station, causing it to send malicious commands to the smart grid.  Presumably that could potentially crash the grid?  Who knows?

He suggests we need smart grid based smart charging because of:  System Planning; Supply Management; Load Management; Additional Customer Services; EV Charging Management; EV Charging Network Management; etc.

His point is that it’s a “computer on the street”.  And, indeed, it is, and this is endemic because of the growing computerization of all the things around us.  The technology industry calls this “the Internet of Things”: the computerization of everything, and the connecting of all those things to a common data network.

The components in a charging station are:  LCD display, main circuit board, RFID reader, WiFi or cellphone network or Bluetooth wireless communication, Zigbee and other smart grid protocols, power supply, charging cord, etc.

Charging stations are rarely standalone.  Most of them are connected to a charging station network, and use various network protocols to talk with that network.  Charging stations use smart grid protocols to communicate with the grid, but they also communicate over the Internet, using Internet protocols, with the charging station network.

What about the security threat?  I’ve read the slide deck (below) fairly carefully but don’t grok how an electric car charging station has a different security threat pattern than other computerized smart grid devices.  In any case, let’s run through the types of threats he examined:

Physical access:  Gaining physical access to the device, which then lets the attacker disassemble the EEPROMs so they can look for vulnerabilities.

Short range communications (RS485): There’s no inherent security on this channel, which is commonly used as an interconnect between gizmos in a device.  Hence it’s a possible vector for an attack.

Short range communication (RFID): Identification, e.g. of the membership card, will be done by RFID.  The security of the identifiers is not strong.  I think he’s implying that someone could forge a card to pretend to be someone else.

Internet of Things – protocol security: As I noted earlier, the charging stations are almost always Internet-connected devices using a range of protocols for various purposes.  SSH and SNMP are used for management, and there’s a range of protocols for other parts of station management.  Clearly there’s a big question of how secure those protocols are.

Configuration: Sometimes to configure the device you connect a laptop to an Ethernet port and fire up a web browser.  That might not be great security.

Denial of Service:  These attacks are commonly aimed at websites, but what if one is aimed at infrastructure?  Because charging stations are on the Internet they’re vulnerable to DoS attacks.
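An added example, not from the slide deck or the original post: one way a device maker could compensate for the RS485 point above, where the bus itself offers no security, is to authenticate each frame in software with a keyed MAC and a message counter. The frame layout, the command strings and the pre-shared key are all assumptions made for illustration.

```python
import hashlib
import hmac
import struct

TAG_LEN = 8  # truncated HMAC-SHA256 tag in bytes (assumed size for a small bus frame)


def seal(key: bytes, counter: int, payload: bytes) -> bytes:
    """Build a frame: 4-byte big-endian counter | payload | truncated HMAC tag."""
    header = struct.pack(">I", counter)
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


class Receiver:
    """Accepts only frames that carry a valid tag and a counter not seen before."""

    def __init__(self, key: bytes):
        self.key = key
        self.last_counter = -1

    def accept(self, frame: bytes):
        """Return the payload if the frame is authentic and fresh, else None."""
        if len(frame) < 4 + TAG_LEN:
            return None  # too short to hold counter and tag
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        if not hmac.compare_digest(tag, expected):
            return None  # modified on the wire, or sent without the key
        (counter,) = struct.unpack(">I", body[:4])
        if counter <= self.last_counter:
            return None  # old frame played back onto the bus
        self.last_counter = counter
        return body[4:]


def demo() -> dict:
    key = bytes(range(32))  # constructed demo key; a real one is provisioned per device
    rx = Receiver(key)
    good = seal(key, 1, b"SET_CURRENT=16A")  # hypothetical command string
    tampered = good[:4] + b"SET_CURRENT=32A" + good[-TAG_LEN:]
    return {
        "genuine": rx.accept(good),
        "tampered": rx.accept(tampered),
        "replayed": rx.accept(good),
        "next": rx.accept(seal(key, 2, b"STOP")),
    }


if __name__ == "__main__":
    for name, result in demo().items():
        print(f"{name:9s} -> {result}")
```

This gives integrity and replay protection only; the payload still travels in the clear, and the scheme is no stronger than the protection of the key stored on each board.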

The slide deck simply named off a long list of plausibly possible attacks on electric car charging stations and charging networks.  Whether there’s an actual danger depends on the insecurity of each piece.

About David Herron

David Herron is a writer and software engineer living in Silicon Valley. He primarily writes about electric vehicles, clean energy systems, climate change, peak oil and related issues. When not writing he indulges in software projects and is sometimes employed as a software engineer. David has written for sites like PlugInCars and TorqueNews, and worked for companies like Sun Microsystems and Yahoo.
