The vast world of the Internet of Things (IoT) offers new solutions every day, ranging various sectors, including the automotive industry, which is investing significant resources to provide increasingly effective solutions to the market. Driven by the need to protect the environment and counter climate change, the automotive industry is constantly focusing on the development of electric vehicles, resulting substantial transformations, especially in the field of energy supply.
The change is taking place in the area of refueling, with the creation of more and more points for electric vehicle charging.
According to a survey conducted by Motus-e in January 2022, there were fewer than 250,000 registered electric cars in Italy, just over half of which were so-called 'pure', battery-powered cars. Motus-e reports that at the end of September 2022, there were more than 32,700 recharging stations, with a 32% growth compared to the same period in the previous year.
While these figures are a sign of a thriving and promising sector, they also raise concerns about cybersecurity. Every connected object, every endpoint in the IoT ecosystem is a gateway for cyber criminals to enter the system. There are numerous cases of attacks to steal data and information.
The major risks
Among the criminal episodes that have received the most attention is the one that occurred on the Isle of Wight, England, in the spring of 2022, where pornographic videos appeared on the monitors of three charging stations. Another attack was reported in February of the same year on charging stations along St. Petersburg-Moscow highway, where the charging systems were disabled and insults to Vladimir Putin and messages of support for the Ukrainian troops were displayed.
The media focus stopped at the playful and political aspect of the two incidents, which, however, have more concrete consequences on the lives of users. Taking control of a charging station means being able to violate the user's account and enter the app with which they manage the refueling of their car. Accessing the app means being on their smartphone and accessing all their data. It is not a far-fetched to assume that the user may become a victim of ransomware and be asked to pay a ransom to regain control of the device and its content.
However, it is not only the individual user who is at risk. The other device that can be hacked with an entry from the charging station is the car itself. This leaves the possibility open to attacks on the entire fleet of an electric vehicle manufacturer, with considerable damage. Of course, the risk extends to the energy company that guarantees the supply, which can find itself with entire refueling points blocked, again, by a potentially million-dollar ransomware demand.
The scenario to consider
In an increasingly digital future, where most everyday objects will have software, the issue of cybersecurity is crucial. However, it still remains in the background, especially in sectors where the so-called MVP (Minimal Viable Product) logic is practiced, according to which a device must be developed quickly, put on the market immediately and tested by users. If the response is positive, ongoing integrations are carried out, and only in this phase, cybersecurity is taken into account.
This logic - typical of start-ups - leads to dangerous vulnerabilities, especially when considering what is likely to happen when smart objects are connected to an ultra-performing network such as the 5G network. A network with a young architecture, which in turn will require further development in terms of security.
The data emerging from the research thus outlines a scenario that should not be underestimated, emphasizing once again the imperative of the cybersecurity issue for the automotive sector as well.