Electric cars against cyber attacks: how to ensure cybersecurity in connected mobility

The advent of electric cars has revolutionized the very concept of mobility. It is no longer just about moving sustainably, but doing so in a technologically advanced, connected, and digital ecosystem. However, alongside these enormous advantages, new vulnerabilities emerge: connected electric vehicles are increasingly exposed to cyber threats. In this context, cybersecurity plays a central role. Just like a computer or a smartphone, a car can also be the target of hacker attacks. But with a crucial difference: here, the physical safety of people is at stake.

This article aims to analyze the current landscape of digital threats in the electric mobility sector, identifying weaknesses, the countermeasures adopted, and future strategies to ensure a safe and sustainable future.

Cyber Threats and Hacker Attacks on Electric Vehicles

In recent years, cyberattacks in the automotive sector have grown at an alarming rate. According to the Global Automotive Cybersecurity Report 2024, threats aimed at APIs – that is, the interfaces that allow different software components to communicate with each other – could grow by as much as 380% by 2026, representing about 12% of all cyber incidents in the automotive field.

What makes electric cars particularly vulnerable are their own characteristics: continuous internet connectivity, advanced infotainment systems, mobile apps for remote control, over-the-air software updates (OTA), interaction with smart charging stations, and, in some cases, autonomous driving capabilities.

In short, the smarter they are, the more exposed they become. Hackers can exploit these attack surfaces to infiltrate the vehicle's systems, manipulate them, or even take control of the car remotely.

Cyber Vulnerabilities in Connected Electric Vehicles

Among the most concerning threats is the remote hijacking of the vehicle. Through flaws in communication protocols or exploits in onboard software, attackers can influence critical functions such as acceleration, braking, and steering. Such an intrusion, in addition to being dangerous, highlights how fragile the boundary is between digital security and road safety.

Other vulnerabilities include:

• Data interception via Wi-Fi or Bluetooth

• Unauthorized access via compromised mobile apps

• Attacks through the OBD-II port (used for diagnostics)

• GPS spoofing to deceive navigation systems

Furthermore, the use of OTA updates, if not adequately protected, can become an additional attack vector. The absence of encryption or digital signatures allows for the injection of malware directly into the vehicle's operating system.

Data Protection in Smart Charging Infrastructures

Even the charging stations represent a critical link in the security chain. Connected to digital networks, often enabled for contactless payment or via apps, they collect and transmit a significant amount of data: user identifiers, charging history, location, and even information about the battery's status.

The most common threats include:

• Theft of personal and banking data

• Injection of malware during charging

• DDoS attacks that make the charging stations inaccessible

• Manipulation of software to alter charging power and duration

QR Code Scams: The Danger of "Quishing"

In recent months, new forms of fraud related to charging infrastructures have emerged, including the phenomenon of "quishing" (QR-phishing). In several European countries, including Italy, some malefactors have overlaid stickers with fake QR codes on authentic ones from EV chargers. By scanning the code, the user is redirected to a fraudulent website that mimics that of the official operator, leading them to enter sensitive data such as payment information or personal credentials.

Counterfeit Charging Stations: Physical and Digital Risks for the Car

In addition to QR codes, the danger posed by so-called “fake charging stations” is increasing: devices that mimic the appearance of real charging stations but hide malicious components inside. Once connected, the car can be exposed to data theft, manipulation of charging parameters, or even injection of malware into the vehicle's system. In cybersecurity laboratories, it has been demonstrated that a modified charger can interfere with the operation of the car within minutes, even temporarily disabling some functionalities.

Targeted Attacks and Jammers: Why Automatic Authentication is Needed

Another increasingly common threat is the use of jammers to disrupt the functioning of official charging apps. In these cases, users are pushed to interact with alternative, often fraudulent interfaces. This type of attack, discreet but effective, highlights the importance of solutions such as the Plug & Charge protocol, which allows for automatic vehicle authentication, minimizing the risks associated with manual interaction.

Cybersecurity and V2X Communication in Autonomous Driving

As technology advances, many electric vehicles are starting to communicate with their surroundings via V2X communication (Vehicle-to-Everything). This includes V2I (Vehicle-to-Infrastructure), V2V (Vehicle-to-Vehicle), and V2G (Vehicle-to-Grid).

But what happens if this data exchange is manipulated? A well-orchestrated attack could alter the information received by an autonomous vehicle, causing it to brake suddenly, ignore a traffic light, or make dangerous maneuvers. It’s not just a software issue: it’s a concrete threat to road safety.

In this context, cybersecurity is no longer optional; it is a prerequisite for the reliability of autonomous driving.

Defense Strategies for Automotive Cybersecurity

The good news is that countermeasures exist and are evolving rapidly. The main strategies include:

• End-to-end encryption to protect data in transit and at rest

• Automotive firewalls and intrusion detection systems

• Multi-factor authentication for access to sensitive functions

• Segmentation of internal networks between infotainment, engine, and sensors

• Use of artificial intelligence to identify behavioral anomalies in real-time

Additionally, the "zero trust" approach – whereby no component or device is considered secure by default – is becoming established as a standard in the design of new vehicles.

European Regulations for the Cybersecurity of Electric Vehicles

Starting in 2024, several European initiatives aim to strengthen cybersecurity in smart transport. Besides the UNECE R155 and R156, an increasing number of manufacturers are implementing certified systems in line with the updated directives of the EU Cyber Resilience Act and the Network and Information Security Directive 2 (NIS2).

At the same time, the GDPR ensures the protection of personal data collected by vehicles, imposing transparency, informed consent, and the right to be forgotten. The EU is also investing in secure cloud infrastructures and cybersecurity incident response centers (CSIRT) specific to the automotive sector.

The Contribution of Manufacturers to Protecting Electric Vehicles

Vehicle and charging infrastructure manufacturers play a crucial role in preventing attacks. The most advanced companies integrate cybersecurity from the design phase of their products.

In the case of wallboxes for home use, for example, measures such as:

• Secure authentication via app

• Anti-tampering systems

• Encrypted connections between the charging station and the vehicle

• Remote monitoring and push notifications in case of anomalous behaviors

The principle of least privilege, which limits access to only the necessary functions, is now a best practice adopted even in the embedded systems of electric cars.

Good Practices for Users: Protecting Your Electric Car

Security does not depend solely on manufacturers. Users also have an active role in defending their vehicle. Some simple rules can make a difference:

• Regularly update the vehicle and mobile app software

• Avoid connecting to unprotected public Wi-Fi networks

• Use strong and unique passwords for each account

• Verify the authenticity of charging stations before connecting

• Report suspicious behaviors or malfunctions to the manufacturer

Additionally, it is advisable not to leave electronic devices connected to the vehicle in automatic mode, such as digital keys, smartphones, or smartwatches, which can be used as a bridge to access the system.

The Future of Electric Mobility Passes Through Cybersecurity

Electric mobility is set to grow, and with it, the number of connected vehicles on our roads will increase. Therefore, it is essential to invest in ever more sophisticated digital defense technologies.

In the near future, we may witness the widespread adoption of:

• Blockchain for data traceability and integrity

• Edge computing to process information directly in the vehicle

• Digital twins to simulate scenarios and test security

The challenge is clear: to ensure mobility that is both sustainable, efficient, and secure. And in this regard, cybersecurity is no longer optional. It is at the very heart of innovation.

FAQ

Are electric cars vulnerable to cyber attacks?
Yes, especially if they are connected to the Internet or external devices. Attack surfaces include infotainment, apps, charging, and onboard networks.

How can a charging station be compromised?
Through manipulated software, malware, DDoS attacks, or fake charging stations designed to infect the vehicle.

How to protect an electric car from hackers and malware?
Update systems, use secure networks, avoid unauthorized access, and choose reliable wallboxes.

What technologies help improve cybersecurity in electric mobility?
AI, encryption, network segmentation, blockchain, edge computing, and digital twins are among the main evolving solutions.