3. AGENDA
o E-Vehicle Hacking: Introduction
o E-Vehicle Architecture
o Attack Surfaces
o Types of Attacks
o Real-World Example
o Protecting against Vehicle
Hacking
3
4. WHAT IS E-VEHICLE
HACKING?
4
“If there was a war or escalation with a country with strong cyber
capability, I would be very afraid of hacking of vehicles. Enemy states
could turn cars into killing machines.”
Justin Cappos
(Computer
Scientist)
6. E-VEHICLE ARCHITECTURE
6
• Electric vehicle architecture is different from internal combustion engine (ICE)
vehicle architecture.
• There are different types of electric vehicle architectures.
7. 7
Types of electric vehicle architecture
https://e-vehicleinfo.com/wp-content/uploads/2021/07/image2-3.jpg
8. 8
Essential Components of an E-Vehicle
• Battery Pack: The energy reservoir of the EV, determining range and power output.
• Inverter: Converts direct current (DC) electricity from the battery pack to alternating
current (AC) electricity for the motor.
• Electric Motor: Converts electrical energy into mechanical energy to propel the vehicle.
• Battery Management System: Monitors and manages the battery pack, including cell
voltage, temp. and current.
• Anti-Lock braking system: ABS significantly improves safety by preventing wheels from
locking up during hard braking.
9. 9
Essential Components of an E-Vehicle
• Electronic Control Unit: This acts as the central brain for many functions in a
modern EV.
• Controller Area Network: The backbone of communication within modern
vehicles including EV’s.
• Regenerative Breaking System: Recaptures energy normally lost during braking
and uses it to recharge the vehicle's battery.
10. ATTACK SURFACES
10
Physical Attack Surface
OBD II PORT
Charging Stations
Keyless Entry System
Wireless Attack Surface
BLUETOOTH
WI-FI
CELLULAR NETWORK
11. 11
Modern automobiles contain hundreds of on-board computers processing everything from
vehicle controls to the infotainment system.
12. TYPES OF ATTACKS
12
CAN Bus Attack Public Charging Station
Hacking
Supply Chain Attack
Vehicle-to-Vehicle Attack
ECU Hacking
13. 13
Vehicle-to-Vehicle Attack
V2V technology enables cars to
communicate wirelessly for safety
and traffic efficiency.
Attackers can exploit V2V
vulnerabilities to:
• Inject false data
• Spread malware across vehicles
https://www.gihub.org/infrastructure-technology-use-cases/case-studies/vehicle-to-vehicle-v2v-connectivity/
14. 14
CAN Bus Attack
CAN Bus (Controller Area Network): the backbone of communication within
modern vehicles.
Controls critical functions: engine, breaks, steering, infotaining etc.
CAN Attack exploit weaknesses to:
• Disrupt or disable vehicle systems
• Gain unauthorized control
• Steal sensitive data
16. 16
Public Charging Station Hacking
Public charging stations are vulnerable
points in the EV infrastructure.
Attackers can target charging stations to:
• Steal user data (credentials, payment
info)
• Manipulate billing to overcharge users.
• Potentially damage vehicles or the
power grid.
https://www.motorbiscuit.com/hackers-targeting-ev-charging-stations/
17. 17
Supply Chain Attack
The EV supply chain is complex and global, involving:
• Software development
• Vehicle assembly
Attackers can target any point in this chain to:
• Introduce compromised components(hardware or software)
• Steal intellectual property or sensitive data
18. REAL WORLD EXAMPLE
18
In 2015 hackers showed how
they were able to take control of
a Jeep Cherokee when it was
moving at high speed.
https://securityaffairs.com/38844/hacking/jeep-cherokee-hack-fiat-recall.html
19. 19
Charli Miller and Chris Valasek, who now work for Uber, sent false messages to its
internal network, overriding the correct ones.
That allowed them to do terrifying things such as making the vehicle turn sharply
while it was speeding down a country roads.
https://karambasecurity.com/blog/2019-07-09-charlie-chris-miss-mark
20. 20
Fiat Chrysler Uconnect
Uconnect is Fiat Chrysler’s internet-connected feature which enables
owners the ability to control the vehicle’s infotainment/navigation
system.
https://www.driveuconnect.com/content/dam/uconnect/uconnect-refreshment/uc-siriusxm-tab-desktop.jpg.image.1440.jpg
21. 21
Fiat Chrysler Uconnect
• It only affected certain vehicles.
• It required access to a cellular network.
• It has been patched.
22. HOW TO PROTECT AGAINST VEHICLE
HACKING?
22
TIPS FOR EV OWNERS:-
• Update your car’s software.
• Turn off Bluetooth and Wi-fi when not in use.
• Be wary of unfamiliar charging stations.
• Be cautious about what you connect.
23. 23
How to Protect against vehicle
hacking?
TIPS FOR MANUFACTURERS:-
• Security be design.
• Over the air updates.
• Collaboration with cyber security experts.
"Hello everyone! I'm Parul Sharma from Zettawise Consulting. I've always been passionate about technology and its intersection with security. That's why I'm thrilled to be your presenter today on the topic of E-vehicle hacking.
This is my first time speaking at Null Kolkata, so let's dive into this exciting area of cybersecurity together."
With rising fuel prices and environmental concerns, electric vehicles are a hot topic.
Beyond their eco-benefits, are EVs a safe choice for drivers and passengers?, they aren't immune to cyber threats. The more features you have the more people can go and attack it.
E-vehicle hacking means someone gains unauthorized access to an electric vehicle's systems. This isn't science fiction, it's happening. Hackers can exploit flaws in the car's software, wireless connections, or even the charging stations.
So, what is at risk?
Control- Imagin someone can manipulate your steering wheel and break just the thought itself is scary.
When we talk about e- vehicle we cannot forget self driving cars because the advancements in automation are coming much faster in EV’s than any other cars.
Understanding autonomy levels is crucial for anyone interested in the future of transportation.
Level 0: No Automation: The driver is in complete control. Think of classic cars without assistive technology.
Level 1: Driver Assistance: Simple aids like cruise control or parking sensors assist the driver, but the driver remains in full control.
Level 2: Partial Automation: The vehicle can control steering and acceleration/braking in specific situations (e.g., highway driving), but the driver must remain attentive and ready to take over.
Level 3: Conditional Automation: The car takes over in designated conditions (e.g., traffic jams), but the driver must still be ready to intervene.
Level 4: High Automation: The car handles most driving, even in complex scenarios, but a driver may still need to take over in certain conditions.
Level 5: Full Automation: The car does it all – no steering wheel, pedals, or human driver necessary.
Electric vehicles aren't just a change in fuel source – they represent a fundamental shift in automotive design.
Electric vehicles (EVs) come in different flavors, each with its own unique architecture. Let's break down the key distinctions between BEVs, PHEVs, and HEVs.
Each EV architecture offers a different balance of electric range, fuel efficiency, and performance.
BEVs are ideal for zero-emission driving. PHEVs offer flexibility. HEVs focus on maximizing fuel economy. Understanding these distinctions helps you choose the EV that best suits your needs.
In HEV battery cannot be charged directly like PHEV’s but they get charged through re-generative breaking and IC engine. (In some HEVs, the gasoline engine can indirectly contribute to battery charging. During situations where the gasoline engine is producing more power than what's immediately needed by the wheels, that excess power can be used to run a generator and top up the battery's charge.)
(In many HEVs, the battery powers the system that turns the gasoline engine off when the car is stopped (like at traffic lights) and then smoothly restarts it when needed.)
IN both HEV and PHEV the battery and IC engine work together to enhance performance.
OBD-II Port: The car's onboard diagnostics port, often used by mechanics, can be a point of entry for installing malicious code.
Public charging stations are essential for EV infrastructure, but they can also be targets for hackers.
Keyless entry systems allow you to lock and unlock your car with a fob or even your phone.
These systems use radio waves to communicate between the fob and the car. Hackers can exploit this communication using a device called “Flipper Zero”.
INVISIBLE ENTRY POINTS (Wireless attack)
Bluetooth:
Used for pairing phones or accessories. Vulnerabilities here could allow control of infotainment systems or access to personal data.
Wi-Fi: If the EV has Wi-Fi capability, hackers could exploit it like any other wireless network to gain deeper access
Cellular Networks: Cars with built-in cellular data connections may be targeted through those networks.
Example:
Spoofing: Pretending to be another car. Sending false messages.
Jamming: flooding the conversation with useless info.
Dangerous because drivers rely on these messages to stay safe on the road.
Highway in your car from where messages travel to diff parts.
Someone sneaks – sending false messages.
Why bad?
Mess with critical system in your car.
Good news?
Aware of the risk and working on it.
ECU – mini computer controlling diff parts.
Receive sensor data – send instructions to diff ecu’s.
Airbags failure in serious case.
Car crash- crash sensor –no register of crash- no signal to deploy airbags.
Life saving airbags becomes useless.
Software used for communication btw car and charger has weakness.
Exploit weakness – inject malware in car
Can mess with your car’s electronics.
Security conferences DEFCON demonstrated.
Target a company supplying parts for the EV.
Sneak malware or hardware modification in the components.
Compromised part- installed in EV
POTENTIAL DAMAGE :
Create backdoor into your car.
Control critical systems.
The 2015 Jeep Cherokee hack was a highly publicized and groundbreaking cybersecurity incident, but it wasn't technically the first cyberattack on an EV.
The Jeep Cherokee Hack as a Milestone: The 2015 hack was significant because it was the first time hackers demonstrated the ability to remotely take control of critical vehicle functions (like steering, brakes, etc.) of a modern car while it was in motion. This exposed a major vulnerability in connected car technology.
These earlier hacks often involved physical access to the car's internal systems, but they highlighted the potential for cybersecurity threats in vehicles.
The hackers, Charlie Miller and Chris Valasek, focused on the Jeep Cherokee's Uconnect infotainment system. This system had cellular connectivity allowing features like remote diagnostics and web browsing.
They were aware that many Chrysler vehicles used this Uconnect system, potentially making them vulnerable.
By reverse-engineering the Uconnect software they found flaws that allowed them to send commands over the cellular network.
These flaws enabled them to take remote control of minor vehicle functions like radio, A/C, and windshield wipers.
The critical breakthrough came when the hackers discovered a way to move from controlling the entertainment system to other parts of the car's internal computer network (CAN bus).
The Uconnect system and the systems controlling vital features like brakes and steering were connected.
Miller and Valasek could wirelessly send commands that would control critical vehicle functions. This included: Disabling the transmission
Manipulating the steering Engaging and disengaging the brakes
Fiat Chrysler faced a major crisis after the Jeep Cherokee hack and responded swiftly to mitigate both the technical vulnerabilities and the damage to their reputation.
Recall:
They issued a massive recall for over 1.4 million vehicles to apply a software update that patched the vulnerabilities exploited in the hack.
Hackers:
They engaged with Miller and Valasek, the researchers who conducted the hack, to understand the specifics of the attack and implement relevant fixes.
Transparency: They released detailed technical information about the vulnerabilities and the steps taken to fix them.
“Components in car are not good at understanding where messages come from and whether they are authentic or not.”
making e-vehicles more secure is totally doable. We just need to give it the same attention we give to...choosing the perfect emoji for that critical text message."