JANUARY 13, 2022 — As the number of electric cars on the road grows, so does the need for electric vehicle (EV) charging stations and the Internet-based managing systems within those stations. However, these managing systems face their own issues: cybersecurity attacks.
Elias Bou-Harb, director of the UTSA Cyber Center for Security and Analytics, and his colleagues—Claud Fachkha of the University of Dubai and Tony Nasr, Sadegh Torabi and Chadi Assi of Concordia University in Montreal—are shedding light on the vulnerabilities of these cyber systems. The researchers are also recommending measures that would protect them from harm.
The systems built into electric cars perform critical duties over the Internet, including remote monitoring and customer billing, as do a growing number of internet-enabled EV charging stations.
Bou-Harb and his fellow researchers wanted to explore the real-life implications of cyberattacks against EV charging systems and how to utilize cybersecurity countermeasures to mitigate them. His team also assessed how exploited systems can attack critical infrastructure such as the power grid.
“Electrical vehicles are the norm nowadays. However, their management stations are susceptible to security exploitations,” said Bou-Harb, who is an associate professor in the Carlos Alvarez College of Business’ Department of Information Systems and Cyber Security. “In this work, we endeavored to uncover their related security weaknesses and understand their consequences on electrical vehicles and the smart grid while providing recommendations and sharing our findings with relevant industry for proactive security remediation.”
The team identified 16 electrical vehicle charging managing systems, which they divided into separate categories such as firmware, mobile, and web apps. They performed an in-depth security analysis on each one.
“We devised a system lookup and collection approach to identify a large number of electrical vehicle charging systems, then leveraged reverse engineering and white-/black-box web application penetration testing techniques to perform a thorough vulnerability analysis,” Bou-Harb said.
The team discovered a range of vulnerabilities amongst the 16 systems and highlighted the 13 most severe vulnerabilities such as missing authentication and cross-site scripting. By exploiting these vulnerabilities, attackers can cause several issues, including manipulating the firmware or disguising themselves as actual users and accessing user data.
According to a recent white paper study by the researchers, “while it is possible to conduct different attacks on various entities within the electrical vehicle ecosystem, in this work, we focus on investigating large-scale attacks that have severe impact on the compromised charging station, its user and the connected power grid.”
During this project, the team developed several security measures, guidelines and best practices for developers to mitigate cyberattacks. They also created countermeasures to patch each individual vulnerability they found.
To prevent a mass attack on the power grid, the researchers are recommending that the developers patch existing vulnerabilities but also incorporate initial security measures during the manufacturing of the charging stations.
“Many industry members have already acknowledged the vulnerabilities that we uncovered,” Bou-Harb said. “This information will help immunize these charging stations to protect the public and provide recommendations for future security solutions in the context of EVs and the smart grid.”
The researchers plan to continue analyzing more charging stations to further understand their security posture. They are also working with several industry partners to help shape new security products from the design phase and to develop security resiliency measures that protect vulnerable charging stations from exploitation.
UTSA Today is produced by University Communications and Marketing, the official news source of The University of Texas at San Antonio. Send your feedback to news@utsa.edu. Keep up-to-date on UTSA news by visiting UTSA Today. Connect with UTSA online at Facebook, Twitter, Youtube and Instagram.
In partnership with Metro Health, HCAP will host a lecture discussing the life and body of work of Dr. Fernando Guerra, longtime director of the Metropolitan Health District.
Buena Vista Theater, Downtown CampusJoin our team to reflect on the students’ achievements and challenges during the semester and explore techniques, strategies, and tools to address growth mindset, self-reliance, and what it takes to keep students committed and on the path to success
Multidisciplinary Studies (MS 240) and VirtualThis course will introduce you to this popular graduate program, providing a review of UTSA’s Employee Educational Benefit program and MPA info. Free lunch will be provided!
Mesquite Living Lab, Main CampusDía en la Sombrilla, formerly Fiesta UTSA, is a festival hosted each spring as a part of Fiesta® San Antonio events. Sponsored by Roadrunner Productions, the event features music, food, confetti, games, event t-shirts, and more.
Sombrilla Plaza and Central Plaza , Main CampusFiesta Arts Fair is a party with a purpose! The annual art-focused fundraising celebration provides operating support for UTSA Arts, which is dedicated to community arts education for children and adults, public-facing performances and exhibitions, and arts-based research and partnerships to enhance the accessibility of the arts for the public.
UTSA Southwest, 300 Augusta, San Antonio TX 78205This year’s UEA ceremony will be an in-person event that will take place from 9:30 to 11 a.m. on Tuesday, April 25 in the H-E-B Student Union Ballrooms (HSU 1.104/1.106) on the UTSA Main Campus. The ceremony will feature UTSA President Taylor Eighmy, Provost and Senior Vice President for Academic Affairs Kimberly Andrews Espy, Vice President for Inclusive Excellence Myron Anderson, Chief Financial Officer and Senior Vice President for Business Affairs Veronica Salazar and representatives from Staff and Faculty Senate.
H-E-B Student Union Ballrooms (HSU 1.104/1.106), Main CampusSan Antonio’s treasured Asian Festival returns on Saturday, May 27, 2023, at The University of Texas at San Antonio (UTSA) Downtown Campus. In observance of Asian American and Pacific Islander (AAPI) Heritage Month the one-day performance, entertainment, and food event will celebrate the diverse Asian diaspora represented in South Texas and San Antonio. Come and enjoy one of San Antonio’s premier family-friendly events, with hands-on activities and opportunities to learn through experience.
UTSA Downtown CampusThe University of Texas at San Antonio is dedicated to the advancement of knowledge through research and discovery, teaching and learning, community engagement and public service. As an institution of access and excellence, UTSA embraces multicultural traditions and serves as a center for intellectual and creative resources as well as a catalyst for socioeconomic development and the commercialization of intellectual property - for Texas, the nation and the world.
To be a premier public research university, providing access to educational excellence and preparing citizen leaders for the global environment.
We encourage an environment of dialogue and discovery, where integrity, excellence, inclusiveness, respect, collaboration and innovation are fostered.
UTSA is a proud Hispanic Serving Institution (HSI) as designated by the U.S. Department of Education.
The University of Texas at San Antonio, a Hispanic Serving Institution situated in a global city that has been a crossroads of peoples and cultures for centuries, values diversity and inclusion in all aspects of university life. As an institution expressly founded to advance the education of Mexican Americans and other underserved communities, our university is committed to ending generations of discrimination and inequity. UTSA, a premier public research university, fosters academic excellence through a community of dialogue, discovery and innovation that embraces the uniqueness of each voice.