Photo / Getty Images.
Possibly – but more threat to chargers & networks, experts say.
Any devices connected to the internet – including connected electric vehicles (EVs), internal combustion engine cars (ICE) or EV chargers – can, and are, being hacked.
But even in this hi-tech world, maybe the biggest threat to new EV owners is much more low-tech: don’t leave your EV key too close to the front door or wherever the signal for keyless entry can still reach the car – allowing a thief to open the door just by touching the handle.
The Genesis Climate Change Hub reports that hacking is a new phenomenon coinciding with the growth in ownership of EVs. Last year, in the UK, the Isle of Wight council’s electric vehicle chargers were hacked to show a porn site. Nissan Leaf owners were warned their EVs could be remotely accessed by hackers via their app. A demonstration of this was filmed with the UK-based vehicle hacked by someone in Australia.
Modern cars arguably have more in common with your phone than with a Model T Ford. They can make calls, track traffic, play music and potentially talk to other connected devices and platforms. But, as our modern vehicles and chargers become more connected, they also become more vulnerable to cyber-attacks.
Advertise with NZME.
So how worried should you be about the risk of your EV being hacked – and is there anything you should do to protect yourself?
Tom Parker, CTO at ChargeNet, is confidently upgrading from a Leaf to a BYD Atto 3. He has seen white-hat hackers demonstrate how to remotely access a connected car but believes the risk to the individual is small: “What are people likely to do? Why would someone want to hack my car? I don’t believe there are strong motivations for people to hack your car while you’re driving it.”
Think of the car as a giant Android tablet, with the same vulnerabilities and complexities, he says. It definitely needs regular security updates and he’d like to see more manufacturers providing a long-term plan for software updates.
More of an immediate threat, Parker believes, is the chance of having your keyless car stolen from your driveway. If you keep the keys near the front door, the car can be stolen in as little as 30 seconds. Your fob emits a short-range signal that allows you to unlock your car by touching the handle and start your car with the key still in your pocket. With the right device, your fob’s range can be extended far enough for someone else to unlock your car and drive it away.
That’s such a basic hack that it’s one of the hardest for manufacturers to prevent. The best defence is for the car owner to keep the keys in a safe place – far enough from the car that it doesn’t open when the handle is touched.
Overall, however, the risks of being hacked aren’t enough to outweigh the advantages, even for tech experts. Paul Spain, futurist and host of the NZ Tech Podcast, drives a Tesla and appreciates the brand’s forward-thinking approach: “With any technology there are considerations from a cybersecurity and hacking standpoint,” he says.
“Aside from Tesla, which has been disruptive, the automotive industry has been slow in moving forward. I feel reasonably comfortable with my Tesla because if there’s some sort of issue, it’s patched and updated on a regular basis. They participate in bug bounty programmes for hackers, where they reward hackers for finding problems.”
EV chargers are connected to networks, and these can be attacked remotely. If your vehicle connects to the EV charger, it’s possible that a compromised charger could access the network’s data and discover your information. There’s also a risk of a network being shut down. For instance, in response to the invasion of Ukraine, a collective of hackers disabled Russian EV charging stations between Moscow and St Petersburg.
Advertise with NZME.
Networks take these security threats seriously and are working to protect themselves against the risk of cybercrimes. These are the same risks you face whenever a business has access to your data or provides a service you rely on: they can be targeted by cybercriminals and your data can be compromised, or their service can be held to ransom. Events like this have struck the Reserve Bank, Waikato DHB, and the NZX in recent years.
Parker says they are very aware of the risk: “ChargeNet works with charger manufacturers and New Zealand’s leading security consultancies to ensure our systems are secure and available to keep New Zealand moving.”
There is also a small risk associated with having a smart charger installed in your home. Once again, any device that’s connected to the internet can be vulnerable, including chargers that send data to an app.
“If you buy some random thing off the internet, from a non-major brand, where it’s never getting updated, it could have some sort of vulnerability and we’ve seen this with home security cameras,” says Spain. “With any technology device, if a vulnerability is found it can leave you at a level of risk, so there are important lessons around multi-factor authentication.”
That is the kind of double-checking applied often when making a bank payment or logging into email. The provider checks your identity using a second method, like a text message or email confirmation code. If you have this option for any platforms or devices, making the effort to switch it on will reduce the risk of being scammed or compromised.
As for other steps or how worried you should be, “it depends on how paranoid you are,” says Parker. You can’t turn off all the connected features in a modern car, because the systems are interlinked with critical functions.
Most of us will accept a small amount of risk in exchange for the many conveniences and features that connected cars and charging stations bring to our lives. So, if you are choosing a new car, look for a manufacturer that takes these risks seriously and pushes out regular software updates. When you recharge, choose a network that protects itself too.
For more stories like this visit the Genesis Climate Change Hub.