You wouldn’t just hand someone unrestricted access to your mobile phone, would you? Nor would you be willing to hand over your keys to a stranger who plans on taking them from you.
The electric vehicle (EV) threat landscape is now mimicking that of any other technology device, thanks to their inclusion in the digital ecosystem. While this is not necessarily a problem that is unique to EVs, it seems that more electric cars are implementing technology solutions and allowing drivers to connect with more than just their phones, opening up the attack vector landscape.
Nevertheless, with the dawn of smart EV charging, hackers are on the lookout for easy ways to steal as more drivers entrust their cars to pay for electricity—a feature unique to EVs.
The use of fintech apps has provided consumers with unforeseen levels of convenience and, as EVs enter into the digital ecosystem, they too hold the power to leverage these apps. Like any other devices these days, hackers are able to connect with cars from a distance and don’t have to race to catch their target in a Fast-and-Furious-like fashion (there are also no predator drones involved in the making of a suitable car-hacking environment).
EVs can be targeted for financial information
Although it would seem that EVs are just as good a target as mobile phones or laptops, they are unlikely to pique the interest of those after a quick cash job.
“Hackers looking for a quick cash pay-out don’t tend to target vehicles, unless they plan to steal the car itself, as it doesn’t normally give them access to personal financial data,” says Andy Barratt, UK Managing Director of Cyber Security Consultancy, Coalfire.
One of the key words within this comment from Barratt is ‘data’. Now gold dust for most organisations, data is critical for hackers in getting what they want, whether that’s a much larger pay-out or tormenting an individual for monetary bail.
“However, wider integration of fintech applications into EVs could present cybercriminals with the cash-grab opportunities they’re on the hunt for”, which would explain the importance of financial security in the development of EV solutions.
“The main security concern for an EV will be preventing access to billing systems for battery charging,” says Barratt. Fintech apps offer huge potential to streamline these processes, improve in-car experience and pave the way for innovations like ‘buy now, pay later’ and loyalty schemes,” says Barratt.
“But carmakers need to recognise that, if poorly protected, these systems could offer hackers an access route to the driver’s finances.”
The extra challenge to overcome with EVs—alongside similar problems with fintech applications—is the ability to secure car-friendly interfaces, which, if simplified, could make them more prone to cyber disruption.
Barratt says: “Authentication mustn’t interrupt the driver for safety reasons, and the temptation will be to simplify these processes, unwittingly making them easier to breach.”
Securing financial data within EVs
Now, this isn’t to scare anyone intending to connect payments to their vehicles, but to ensure that the correct methods are in place to secure data that is used for EV-related services.
On the company’s side, data should only be used where it is necessary while limiting the amount of data stored. Encryption of data, two-factor authentication, and antimalware protection tools can be leveraged to enhance the security of data.
Although these may seem like standard procedures when dealing with mobile phones and contactless payments, it’s important to emphasise the similarities between them, while also recognising that cars must follow suit if they want to utilise the benefits of digital.
Security is also a consideration for those using other means of transport, such as ridesharing and rentals. The industry is rapidly extending its use of fintech for various means: Uber, for example, collaborates with a fintech provider that offers consumers the opportunity to obtain an EV through the pay-to-rent model.
Fintech apps are also leveraging capabilities beyond their remit to provide customers with comprehensive services. An example of this is the ability to find a suitable charging station, pay for charging at the plug, and make use of other automotive services.
According to PwC’s report, ‘Cyber readiness: are auto companies prepared to counter the risk of an attack?’, every convenience comes at a cost. Automotive manufacturers must be more proactive in dealing with cyber risks before they inevitably arise, but many firms are currently only reactive to the changes in the EV landscape from an electrification standpoint.
Going forward, companies will seek out more vulnerabilities in their vehicle technology, as well as in their networks. As EVs become more connected than cars have ever been, they’ve effectively entered the digital-risk landscape, which is prone to activities affecting other technology providers.
Electrification is not just a necessary process, but one that will allow automakers to future-proof their solutions and make mobility safer, physically and digitally. The PwC report expects that cybersecurity must become part of the product design phase to ensure the best use in real-life applications.
Coalfire provides cybersecurity for the world’s innovators
The company supports the top five cloud service providers, eight of the top software-as-a-service (Saas) providers, and three of the top financial, healthcare and retail organisations.
Coalfire is committed to cybersecurity for world-leading businesses and uses cutting-edge technologies to do so. Its core services span compliance, cloud security, application security, vulnerability management, as well as strategy, privacy, and risk.
The firm supports more than 1,800 major clients in a broad set of industries, thanks to its 1,000+ employees across 10 locations.
To read more of our magazine features, click HERE to check out the latest issue of EV Magazine.