BALTIMORE, MD—As electric vehicles (EVs) become more sophisticated with integrated digital features, cybersecurity in this sector is facing unique challenges, according to experts.

As of October 31, 2024, Maryland had over 120,000 registered electric vehicles (EVs). This includes both battery electric vehicles (BEVs) and plug-in hybrid electric vehicles (PHEVs).

Michael Moore, IT Expert and Chief Information Officer at Next Perimeter, a leading cloud-first cybersecurity company, warns that while manufacturers are taking steps to secure these vehicles, the risk of cyber attacks remains.

“While companies are doing everything they can to minimize cyber attacks, unfortunately, they are still a possibility,” Moore said.

EVs are equipped with complex software that manages everything from navigation to battery efficiency, often connecting to the internet for features like remote control and real-time diagnostics. This connectivity, while enhancing functionality, also increases vulnerability to cyber threats.

Between 2010 and 2023, 22% of cyber incidents in the automotive industry resulted in data and privacy breaches. These breaches could expose sensitive vehicle-related data like driver behavior, GPS history, or remote access features.

Moore outlines several risks:

• GPS Tracking and Location Data: Continuous data collection could reveal a driver’s location and habits, potentially leading to privacy invasions or theft.
• Unauthorized Third-Party Data Sharing: Data shared with third parties for services like navigation might be misused if not properly managed.
• Potential Hacking of Vehicle Controls: Despite being rare, incidents of vehicle manipulation comprised 3% of cybercrime impact in the automotive sector over the same period.
• Software and Firmware Update Vulnerabilities: Updates could serve as entry points for malware if not secured adequately.
• Lack of Transparency and User Control: Without clear policies, users might unknowingly consent to extensive data collection.

Hackers target electric vehicles through methods like ‘juice jacking’ at public charging stations, where they can introduce malware through compromised charging ports. Insecure mobile apps linked to EVs also pose risks if not encrypted properly.

“To mitigate these risks, EV manufacturers must prioritize comprehensive cybersecurity frameworks,” Moore recommends, suggesting secure, validated channels for software updates.

For consumers, Moore offers these protective measures:

• Secure Home Charging Stations: Ensure home chargers are protected against unauthorized access.
• Use Secure Mobile Apps: Only use apps with strong security protocols.
• Implement Two-Factor Authentication: Add an extra layer of security to vehicle app access.
• Regularly Update Vehicle Software: Keep the car’s software up-to-date to patch vulnerabilities.
• Monitor Network Connections: Be cautious of networks your EV connects to.
• Use Secure Payment Methods: Prefer secure payment options for transactions related to the vehicle.
• Review Privacy Settings: Understand and adjust the privacy settings of your EV.
• Be Cautious with Third-Party Accessories: Avoid using accessories that might not be secure or could introduce vulnerabilities.
• Educate Yourself on EV Security: Stay informed about potential threats.
• Perform Regular Security Audits: Check your vehicle’s security status periodically.

Moore concludes, “To protect their data from hackers, electric vehicle owners should adopt a comprehensive approach that includes both technical measures and cautious behavior. Your EV needs the same, if not higher, levels of protection to keep it safe.”

Photo via Pixabay