Mazout Electric


The automotive industry is undergoing a transformative revolution with the emergence of electric vehicles (EVs). These vehicles, featuring cutting-edge internet connectivity and integrated technologies, are redefining the driving experience by enhancing safety, efficiency, and convenience. However, the increasing connectivity of EVs creates new cybersecurity risks.


Major cybersecurity risks in the EV ecosystem

  • Hacking and Unauthorized Access to Vehicles

Many EVs can be unlocked through either a mobile app or an RFID chip. Regrettably, car manufacturers’ apps have proven susceptible to compromise, as mobile apps, even iOS-based ones, are hackable. This dual vulnerability provides hackers with distinct avenues for gaining unauthorized access to an EV’s systems. The potential consequences include the risk of life-threatening accidents. For instance, envision the repercussions of exploiting vulnerabilities in autonomous fleets: it is akin to unleashing missiles on our roadways.

  • Breaches of the Telematics System

Compromising a telematics system provides attackers with unauthorized access to the vehicle’s GPS data. This information may be exploited for stalking, theft, or other malicious purposes.

Telematics systems, by nature, collect and transmit personal details, including driver habits and frequently visited addresses. In the event of a security breach, this sensitive data could be accessed, raising privacy concerns and the potential for misuse.

  • Malware and Software Vulnerabilities

Malicious software, or malware, can infiltrate EVs, posing significant risks to their functionality, safety features, and data integrity. The repercussions of such attacks span from inconveniences and financial losses to potential threats to public safety. Given the intricate interconnectedness of EV components with various systems, hackers possess the ability to cause extensive and virtually unlimited damage.

  • Cybersecurity Risks in the EV Charging Networks

The Electric Vehicle Supply Equipment (EVSE) industry is experiencing phenomenal growth due to the increasing demand for EV charging points. Unfortunately, because of their unique position at the intersection of the energy, grid power and transportation sectors, EVSEs are highly susceptible to cyberattacks.


Real-Life cases of security breaches:

Tesla

Three IT security researchers from TU Berlin successfully manipulated Tesla’s driving assistant, activating a clandestine “Elon mode”, previously uncovered by hackers, that grants hands-free full self-driving capabilities.

By inducing a brief two-second voltage drop of 560 millivolts, the researchers gained access to the ARM64-based circuit board of Tesla’s autopilot. This exploit allowed the extraction of arbitrary code, user data, cryptographic keys, and crucial system components, unveiling the system’s inner workings. Notably, this vulnerability could potentially grant unauthorized access to premium features without payment.

All Tesla vehicles, irrespective of the owner’s purchase of the driving assistance system, are susceptible to such attacks since they share the same circuit board.

Autonomous Driving

Xiaomi

Xiaomi, a prominent electric scooter manufacturer, has historically held a leading position in the market. However, recent sales have witnessed a decline attributed to subpar safety standards. A case in point is the M365 electric scooter.

Xiaomi M365 scooter

Researcher Rani Idan from the San Francisco-based exploit seller Zimperium has brought to light a vulnerability within the Xiaomi M365 electric scooter. This vulnerability could potentially empower attackers to remotely manipulate the vehicle, causing issues such as abrupt acceleration or braking. The crux of the problem lies in the authentication process of the scooter, or rather, the lack thereof.

Idan reveals that the passwords meant to authenticate to the scooter’s onboard computer systems are not properly used in the authentication process. Because the password is verified only on the application side and is not checked within the scooter itself, all commands can be executed without the password, posing a significant security risk.
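
The difference between app-side and device-side verification, as an added example that is not Xiaomi's firmware or code from the cited research: a constructed command handler shown once in the trusting form described above and once enforcing authentication on the device. All opcodes, result codes, the PIN and function names are hypothetical.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed model; opcodes, result codes and PIN are hypothetical values. */
enum { CMD_AUTH = 1, CMD_LOCK = 2 };
enum { RES_OK = 0, RES_DENIED = 1, RES_BAD_AUTH = 2 };

typedef struct {
    uint8_t pin[6];        /* secret stored on the device */
    int authenticated;     /* per-connection state */
    int failures;          /* failed AUTH attempts on this connection */
    int locked;            /* state changed by CMD_LOCK */
} device_t;

/* Constant-time compare: timing does not reveal how many bytes matched. */
static int ct_equal(const uint8_t *a, const uint8_t *b, size_t n) {
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++) diff |= (uint8_t)(a[i] ^ b[i]);
    return diff == 0;
}

/* Flawed pattern: the device runs any command, relying on the app's check. */
int handle_trusting(device_t *d, uint8_t cmd, const uint8_t *arg, size_t len) {
    (void)arg; (void)len;
    if (cmd == CMD_LOCK) d->locked = 1;
    return RES_OK;
}

/* Corrected pattern: the device verifies the secret itself and refuses
   every other command until this connection has authenticated. */
int handle_enforcing(device_t *d, uint8_t cmd, const uint8_t *arg, size_t len) {
    if (cmd == CMD_AUTH) {
        if (d->failures >= 3) return RES_DENIED;   /* throttle guessing */
        if (arg && len == sizeof d->pin && ct_equal(arg, d->pin, len)) {
            d->authenticated = 1;
            return RES_OK;
        }
        d->failures++;
        return RES_BAD_AUTH;
    }
    if (!d->authenticated) return RES_DENIED;
    if (cmd == CMD_LOCK) d->locked = 1;
    return RES_OK;
}

/* Send CMD_LOCK on a fresh, unauthenticated connection; return the result. */
int unauth_lock_result(int enforcing) {
    device_t d = { {'1','2','3','4','5','6'}, 0, 0, 0 };
    return enforcing ? handle_enforcing(&d, CMD_LOCK, NULL, 0)
                     : handle_trusting(&d, CMD_LOCK, NULL, 0);
}
```

The authentication state lives in the device's per-connection structure, so a client that skips the app entirely gains nothing by doing so.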


Our strides towards reducing such security vulnerabilities

At Mazout, our singular focus is the software-defined capabilities of EVs, coupled with the enhancement of hardware security, from India. Our steadfast commitment to intensive hardware security research is a pivotal stride toward this overarching goal. We are deeply immersed in the continuous exploration and analysis of existing vulnerabilities and threats inherent in hardware devices.

Our dedication to comprehensive research serves a dual purpose. Firstly, it fortifies our capabilities to develop robust security solutions, ensuring the integrity and resilience of EV hardware systems. Secondly, and equally significant, it positions us as contributors to the broader community’s understanding of the intricacies of hardware security.

Through our ongoing research efforts, our aim is to disseminate essential knowledge within the community, empowering users to safeguard their riding experience with confidence. We recognize the dynamic landscape of cybersecurity and understand the necessity of staying ahead of emerging threats.

Stay tuned for a deeper exploration into the intricate world of these components, where security and innovation intersect.


