A growing number of consumers are ready to ditch the gas pump. They’re instead turning to electric vehicles when they’re ready to buy a new car or truck.
That's good for the environment. But the surge in electric car sales also provides a new opportunity for cybercriminals. Yes, electric vehicles can be hacked, and the high-tech scammers behind these cyberattacks will gladly use your EV and public charging stations to steal your personal and financial information or even disable your car or truck.
THE EV BOOM
Experian reported that of the 1.24 million new light vehicles—cars, vans, SUVs or pick-up trucks—consumers purchased in January of 2023, more than 87,700 were all-electric. That's 7.1% of the light vehicles purchased in that month, up 74% from January of 2022 when that share stood at 4.3%.
Electric vehicles, or EVs, are seeing this popularity surge for several reasons.
First, there are high gas prices. While the price of gas might have fallen from its recent highs, AAA reported that a gallon of gas still cost an average of $3.44 in the United States as of March 24 of this year. With an electric car, SUV or truck, consumers don’t have to worry about busting their budgets to fill up their cars’ tanks each week.
There are also other financial incentives to buying an EV. While electric vehicles tend to cost more than their gas-fueled counterparts, consumers can take advantage of tax breaks when buying electric-powered cars and trucks. If you bought an electric vehicle or fuel cell vehicle on Jan. 1, 2023, or later and meet certain income limitations, you might qualify for a clean vehicle tax credit of up to $7,500.
Other consumers embrace the green attributes of electric vehicles. As the U.S. Environmental Protection Agency says, an electric vehicle over its lifetime will emit a lower amount of greenhouse gases than will a gasoline-powered car. This holds true even when you factor in the electricity used to charge electric vehicles.
Electric vehicles today are also more reliable than they used to be. The U.S. Department of Energy says that electric cars today can travel for 100 to 400 miles on a single charge, depending on model. This longer driving range makes these cars more attractive to drivers.
CAN ELECTRIC CARS BE HACKED?
Because electric vehicles contain chips and software that control their batteries, cruise control systems and braking, they are vulnerable to cyberattacks. Cybercriminals can also launch attacks when the owners of electric vehicles plug them into chargers. Electric vehicles also communicate wirelessly with WiFi networks and with apps that their drivers have installed on their phones.
This combination leaves these vehicles open to malicious attacks by skilled hackers. An example? The Brokenwire attack.
In this attack, hackers wirelessly send signals to targeted electric vehicles. This causes electromagnetic interference and interrupts the connection between a public EV charging station and the vehicle. The charging station, then, won't provide the vehicle with a charge until the attack ends, according to a feature story in Security Week.
Brokenwire attacks target a specific EV charging system, the Combined Charging System, a DC rapid charging system that is used in many public charging stations. Fortunately, Brokenwire attacks don't work against home EV chargers because these systems typically rely on AC currents.
A Brokenwire attack is an inconvenience: The owners of targeted electric cars won't be able to charge their vehicles until the attack ends. But these attacks don't cause any permanent damage to electric vehicles, researchers said. The real fear is that hackers will use Brokenwire attacks to interrupt the charging of emergency vehicles, such as electric ambulances, something that could have life-threatening consequences, according to researchers.
In a recent story by the Wall Street Journal, cybersecurity experts say that in a worst-case scenario, hackers could spread malicious software to thousands of electric vehicles. The cybercriminals could freeze these cars, demanding that their owners pay a fee to unlock them. This would be a new form of the ransomware attacks that so often shut down the computers of individuals, companies and governments.
Then there are those cybercriminals who are more interested in stealing the personal and financial information of consumers. These hackers can take advantage of the increased demand for electric vehicles to launch phishing campaigns designed to trick victims into giving them their personal information, including their Social Security numbers and bank account information.
Maybe you are waiting for a specific electric car. A hacker might send an email saying that the manufacturer of this car has bumped you up in line and that your vehicle is now ready. The catch? You’ll first have to click on a link that takes you to a new web page that asks for your personal and financial information.
If you send this information, you won’t be providing it to an EV maker. Instead, you’ll be sending it to a scammer, who can use it to take out loans or credit cards in your name or access your online bank or credit card accounts. Others will sell this information on the Dark Web.
EV CYBERATTACKS ARE RARE … SO FAR
In good news, though, cyberattacks on electric vehicles or charging stations have been rare. Last February, after Russia invaded Ukraine, EV chargers along a Russian highway were shut down and their screens displayed pro-Ukraine slogans. And in April of last year, public EV chargers on the Isle of Wight were hit by cyberattacks that displayed pornography on their screens.
Another notable hack occurred in 2019 when a 19-year-old security researcher gained access to the digital car keys of more than 25 Tesla EVs scattered across the globe. From a remote location, the hacker ran programs that disabled the vehicles' security mode, unlocked their doors and opened their windows.
Fortunately, this Whitehat hacker only exposed a hole in Tesla's cybersecurity and didn't use the access he gained to steal the personal information of owners or take over control of their cars. The hack, though, does show that EVs are vulnerable to cyberattacks.
WHAT CAN YOU DO TO PROTECT YOUR ELECTRIC VEHICLE?
But while the attacks are rare now, that doesn’t mean they’ll always be. So what can you do to protect your electric vehicle from cyberattacks?
DISABLE ANY WIRELESS SERVICES THAT YOU DON'T USE
Your electric vehicle probably comes with such services as wifi, satellite radio, and Bluetooth technology. These can be useful tools, allowing you to make hands-free phone calls or giving your passengers the chance to watch movies or YouTube videos.
But these wireless services are also tempting weak points for cybercriminals to attack. This doesn't mean that you should shut off your car's wifi network. But you should research the wireless services your vehicle offers. If there are any you don't use, see if you can disable them. That will cut off at least one entry point for cybercriminals.
BE CAREFUL WHEN INSTALLING NEW SOFTWARE OR APPS
You can download apps to your EV using its in-vehicle touchscreen. That's fine. But be careful.
You might infect your vehicle with malicious software if you download apps from unknown sources. The scammers behind these apps might use them to steal your personal or financial information or to disable your vehicle.
DON’T IGNORE SOFTWARE UPDATES
If your manufacturer sends a software update to your EV’s touchscreen, don’t ignore it. You’ll typically have the option to install the update immediately or schedule it for later. It’s best to begin installation immediately.
These updates are often designed to block known threats, including viruses and malicious software. It’s important, then, to approve software updates from trusted sources to equip your EV with the latest protection.
WATCH OUT FOR PHISHING EMAILS
Be wary of any email supposedly sent by an EV manufacturer. That email saying that you’ve been moved ahead in line to purchase a new Tesla? It might be from a scammer hoping to trick you into providing your personal information. An email stating that you need to install an upgrade to your EV? It might contain a link that will flood your computer with malware.
Remember, no EV manufacturer will bump you ahead in line. Emails claiming this are scams. And no car manufacturer will ask for your personal or financial information through email. Never provide this information. If you’re worried that a request might be legitimate, call your car dealer or manufacturer and ask.
THE BOTTOM LINE
As electric vehicles continue to evolve, and the computer systems and software powering them become more complex, hackers will gain new opportunities to steal drivers’ information, disrupt public charging stations, and maybe access these cars’ controls.
Fortunately, these cyberattacks aren’t overly common yet. And there are steps you can take to protect yourself, including watching out for phishing emails or texts, updating the software behind your vehicle’s operating systems, and disabling interior wifi services that you don’t use.
And the hope is that auto makers, government bodies, thinktanks, and cybersecurity experts will continue working together to boost the security of EVs as more drivers ditch gas-powered cars and trucks. Because it’s going to take all of us to keep each other safe.