How We’re Boosting EV Charger Security

August 12, 2021
Ashley Grealish
Blog

The BBC and Pen Test Partners have recently published a study into the security of Electric Vehicle (EV) Smart Chargers, highlighting issues with a number of the tested manufacturers. At ev.energy, we are working to improve security across the industry, helping charge point manufacturers improve their products. Our solutions make charging points simple to use for drivers, whilst ensuring devices are resilient to cyberattacks and your user data is kept safe.

Here’s how we do it.

Our vision for secure EV charging secure

ev.energy provides greener, cheaper and simpler charging to everyone. We want to accelerate the decarbonisation of transport, by securely and reliably charging every EV at the best times for the electricity grid. And we want to give drivers the tools, functionality and flexibility to override home charging if they need to.

Our work with Rolec

We can help bring your charging points on to our secure, private and encrypted network. This reduces the risk of a hacker gaining control of the charger. The report highlights the benefits of this approach:

Of the above, Rolec was the most secure, particularly as it used a SIM and mobile data for transmission of data. This made traffic interception somewhat harder than with a Wi-Fi connection, though not impossible.

We’re building the world’s largest network

Security has the power to build trust with drivers and deliver benefits across the energy system. Brands including E.ON, Volkswagen, Siemens, and Schneider Electric already use ev.energy to meet the highest security standards. We’ve been working with multiple charge point and home charger manufacturers to design systems that can guarantee security and deliver a smooth customer experience. We are now doing this at scale, helping to onboard thousands of customers every week on the ev.energy platform.

Security by design

Designing a secure charging point system is not easy. There are many possible risks with EV chargers but these main issues are:

  • Authentication – how are you sure that only trusted people can command your charge point?
  • Identity – how can you be sure that the data you get from charge point X is really coming from charge point X and not a malicious impersonator?
  • Encryption – How can you be sure that no one can intercept the data passed between your charge point and a backend and not modify it?
  • Firmware Management – How can you ensure only code you have written can run on your devices?
  • Hardware design – How can you be sure someone with physical access to your charge point cannot export confidential information which would allow them to hack other devices?

With us, every car is secure

A secure system is not achieved with one solution alone. Layering multiple solutions throughout the system can build on and enhance each other and make a system secure overall. As well as your secured network, we layer on top further encryption layers such as the recommended TLS encryption on OCPP. This provides additional protection which prevents security flaws in the very unlikely case that our secure network is compromised. Once your devices are on our secure network, we can work with you to apply these extra layers. These include:

  1. Authentication. Each charge point must be able to identify itself in a trusted manner and no other charge point or malicious user should be able to impersonate it. Not doing this correctly could mean we receive untrusted data and make uninformed decisions about charging, putting power grid stability at risk. In fact, we do not allow any charge point without this basic level of protection onto our network.
  2. Firmware. Without this layer, it could be possible for hackers or malicious users to run any code they want on your charge points. This puts not only your charge point and the grid at risk but also any other networked device on your customers’ home Wi-Fi.

These are just a couple of layers of security we can help with. There are many more that we can help advise on – for example advice on secure hardware design, design of secure admin interfaces, installation processes, home networks and more. We have also worked closely with Pen Test Partners who wrote the report featured in the article and have undergone testing to prove our system to be secure. We believe strongly that secure systems will help drive adoption of electric vehicles and progress our goal of delivering greener, cheaper and simpler charger for these.

Latest posts

Similar articles