Electric vehicles are vulnerable to a cybersecurity attack that prevents them from charging, with experts raising fears that criminal gangs are extorting NHS ambulances by hacking their software.
The so-called Brokenwire technique can be operated using ‘off-the-shelf’ equipment and ‘minimal technical knowledge’, says the University of Oxford team behind the discovery at the Telegraph.
Richard Baker, one of the researchers, said: “The impact is that the cars stop charging, but you have to come in and unplug the plug…to get it back on.”
His colleague Sebastian Köhler added that a malicious radio signal can be streamed to reach what experts call a “denial of service” condition. EV chargers within range of the attacker’s radio would be inoperable until the transmitter was found and disabled.
Professor Alan Woodward of the University of Surrey said the charger deactivation technique was of concern because of the number that could be stopped remotely by a single person.
He said: ‘The real concern is that it looks like it can hit systems en masse and although it requires wireless contact it can stand at some distance.’
Mr Baker raised the specter of electric vehicles being disabled by miscreants walking or driving past banks of car chargers, such as those found at motorway service stations.
An academic paper published by the team pointed out that the NHS plans to buy all-electric ambulances, while the US government plans to buy 645,000 electric vehicles in the coming years.
Professor Woodward, a cybersecurity expert, said: “I foresee random attacks or even protection money being demanded by criminals who abuse this technique.”
According to the Oxford team, electric vehicle charging can be interrupted up to 50 meters away using off-the-shelf equipment such as software-defined radios (SDRs).
SDRs are radio transmitters with a small on-board computer that can be programmed to broadcast a specific signal. The researchers said a suitable radio, antenna and power supply would fit in a small backpack.
Precise details of the flaw will not be released until EV and charger manufacturers have developed a fix, likely to be a software update for the affected chargers.
The Oxford team said their discovery stemmed from details in international specifications for electric vehicle chargers.
Jake Moore, global cybersecurity adviser at anti-virus firm ESET, said: “Vehicle manufacturers have a great level of responsibility, especially when so many vehicles have the potential to be attacked remotely; therefore, constant software updates are an essential part of the electric car market.”
More about this article: Read More
Source: www.telegraph.co.uk
This notice was published: 2022-03-29 05:00:00
