Could “hackers” abuse electric car charging stations to crash the grid because of smart grid features? That piece of fearism was presented recently at a security conference, and while the researcher laid out several plausible attack routes, he didn’t demonstrate a working attack.
The basic idea is that electric cars and electric car charging stations are or will in the near future have “smart grid” features. The purpose of those features is so that electrical utility companies can send out signals to ramp down the charge rate if needed to maintain grid stability, for example.
The presentation was made by Ofer Shezaf, product manager security solutions at HP ArcSight. He outlined a long list of possible attack scenarios in which an evildoer could subvert a charging station, causing it to send malicious commands to the smart grid. Presumably that could potentially crash the grid? Who knows?
He suggests we need smart grid based smart charging because of: System Planning; Supply Management; Load Management; Additional Customer Services; EV Charging Management; EV Charging Network Management; etc
His point is that it’s a “computer on the street”. And, indeed, it is, and this is endemic because there’s this growing computerization of all the things around us. The technology industry calls this “the Internet of Things” with the computerization of everything, and connecting all those things to a common data network.
The components in a charging station are: LCD display, main circuit board, RFID reader, WiFi or cellphone network or bluetooth wireless communication, Zigbee and other smart grid protocols, power supply, charging cord, etc.
Charging stations are rarely standalone. Most of them are connected to a charging station network, and do various network protocols to talk with the networks. Charging stations communicate with smart grid protocols with the grid, but they also communicate over the Internet using Internet protocols to talk with the charging station network.
What about the security threat? I’ve read the slide deck (below) fairly carefully but don’t grok how an electric car charging station has a different security threat pattern than other computerized smart grid devices? In any case let’s run through the types of threats he examined:
Physical access: Gaining physical access to the device that then lets the attacker disassemble the EEPROMS so they can look for vulnerabilities.
Short range communications (RS485): There’s no inherent security on this channel, that’s commonly used as an interconnect between gizmos in a device. Hence it’s a possible vector for an attack.
Short range communication (RFID): Identification information e.g. the membership card will be identified by RFID. The security of the identifiers is not strong. I think he’s implying that someone could forge a card to pretend to be someone else.
Internet of things – protocol security: As I noted earlier, the charging stations are almost always Internet-connected devices using a range of protocols for various purposes. SSH and SNMP are used for management, and there’s a range of protocols for other parts of station management. Clearly there’s a big question of how secure those protocols are.
Configuration: Sometimes to configure the device you connect a laptop to an ethernet port, and fire up a web browser. That might not be great security.
Denial of Service: These attacks are commonly sent at websites, but what if it’s aimed at infrastructure? Because charging stations are on the Internet they’re vulnerable to DoS attacks.
The slide deck simply named off a long list of plausibly possible attacks on electric car charging stations and charging networks. Whether there’s an actual danger depends on the insecurity of each piece.
- Highway design could decrease death and injury risk, if “we” chose smarter designs - March 28, 2015
- GM really did trademark “range anxiety”, only later to abandon that mark - March 25, 2015
- US Government releases new regulations on hydraulic fracturing, that some call “toothless” - March 20, 2015
- Tesla Motors magic pill to solve range anxiety doesn’t quite instill range confidence - March 19, 2015
- Update on Galena IL oil train – 21 cars involved, which were the supposedly safer CP1232 design - March 7, 2015
- Another oil bomb train – why are they shipping crude oil by train? – Symptoms of fossil fuel addiction - March 6, 2015
- Chevron relinquishes fracking in Romania, as part of broader pull-out from Eastern European fracking operations - February 22, 2015
- Answer anti- electric car articles with truth and pride – truth outshines all distortions - February 19, 2015
- Apple taking big risk on developing a car? Please, Apple, don’t go there! - February 16, 2015
- Toyota, Nissan, Honda working on Japanese fuel cell infrastructure for Japanese government - February 12, 2015