Are Electric Cars Actually Easier to Hack?
Change can be scary. In the case of electric cars, itās easy to imagine a future in which hackers can have their way with your EVāeven manipulating how it drives. But the truth is that electric cars are not inherently more vulnerable to hackers than modern internal combustion vehicles. And despite automotive journalistsā best efforts to keep up with this rapidly evolving world of EV cybersecurity, early reporting exaggerates certain risks while failing to cover others.
Are electric cars easier to hack?
No. Electric cars are not inherently easier to hack. Their simple architectures may eventually make them more challenging to hack. But startups have fewer resources to devote to their early EVsā cybersecurity than legacy automakers do.
Some have argued that electric cars run cybersecurity risks because they have an abundance of computers, receive software updates over wireless networks, and have fully electronic driving controls. But the truth is that almost every modern internal combustion car shares these same features.
When security experts hacked a Tesla to prove it could be done, they went in through the infotainment system. Obviously, they could have attempted the same attack on any modern car, whether an EV or ICE.
In fact, EVs have fewer complex parts and thus may prove less vulnerable in the long run. For example, shutting down a modern vehicleās transmission control unit, engine control unit, or even its electric fuel pump would render it inoperable. But an EVās powertrain consists of an electric motor attached to a battery. Thatās it.
Brandon Barry is the founder and CEO of Block Harbor Cybersecurity which specializes in automobiles and has done extensive hands-on research with EVs. He said, āIn general, EVs are mechanically simpler because they have less moving parts. In many cases, this has allowed automakers to centralize their EVās electronic architecture which can make securing it easier. But make no mistake ā more software and more electronics are entering into all vehicles, electric or not.ā
Which EVs are the most secure?
You might want to think twice about which EV you choose. Block Harbor bought one of the first Mustang Mach-Es to study an EV that was ārushed to market very quickly.ā Barry said, āIn the end, there was nothing that was obviously skipped in the cybersecurity of the vehicle due to the transition to the EV. Ford did a pretty good job at ensuring that that EV inherited a lot of the cybersecurity efforts from the previous vehicles.ā
But vehicles engineered by startups are more concerning. These smaller EV companies donāt have the same resources to dedicate to cybersecurity as legacy automakers. In the current industry, getting vehicles to market rapidly is critical to a startupās success.
Barry warns, āThings like cybersecurityāthat tend to slow down the development process and delivery of those vehiclesācan be overlooked.ā
Can you hack an electric vehicle charging network?
Yes. Hackers have already proven they can break into EV charging stations. Documented attacks only include messing with the display screens, but criminals holding a charging network hostage is a distinct possibility.
In a recent article, the Wall Street Journal speculated that hackers could load malware onto chargers to infect any EVs that plug in. While anything is possible, the Journalās own sources are much more concerned about a different EV cybersecurity threat. The Electric Vehicle Charging Association said, āThe security of our electrical grids is of critical importance as we transition to electric vehicles.ā This is because if bad actors could hold a major charger network hostage, the disastrous consequences could be as far-reaching as the oil embargo of the 1970s.
Barry agreed, āIām generally more concerned about the chargers themselves than someone moving laterally into the vehicle.ā
Is it possible to infect an EV through its charger? Barry added, āThe industry is viewing the charging system as already compromised. And theyāre taking very defensive strategies against the charger port.ā
Should you be concerned about your EV being hacked?
If you choose an automaker with a proven track record of good cybersecurity practices, thereās no reason to suspect your EV will be more vulnerable to a cybersecurity attack than a modern internal combustion car.
With technology changing rapidly, EV automakers are doing their best to adapt to an evolving cybersecurity landscape. And journalists are doing their best to report on the changes. But we donāt always get it right.
The aforementioned Wall Street Journal article states that āan internal-combustion luxury car can have about 150 electronic control units.ā It then cites a cybersecurity expert who has no apparent automotive experience saying, āthatās nothing compared to the 3,000 chips that weāre seeing in the average EV.ā But this wording misses that control units and chips are different things: an EV can also get away with 150 control units while a modern ICE can also have 3,000 chips.
Technical details aside, our tone when discussing such threats is critical. The WSJ article is typical in ending with a quote, āSometimes we need a wake-up call,āā suggesting things will get worse before they get better.
The less dramatic truth is that the industry does not need a wake-up call. Block Harbor works with multiple OEMs. Barry concluded, āThere are global regulations going into effect that are really setting the bar for what the cybersecurity of vehicles should look like. And thereās not an automaker out there thatās not seriously looking at this, and ensuring that passengers arenāt going to be exploited.ā
In the meantime, we can all seek to educate ourselves on automotive cybersecurity. We can also ask automakers and dealers about the security offered by new ICEs and EVs, sending a clear message that this is an important issue to us drivers.
Next, see our full interview with Brandon Barry, or learn more about how hackers might target charging stations in the video below: