This article is part of our exclusive IEEE Journal Watch series in partnership with IEEE Xplore.

In a world with ever-growing security and privacy concerns, add another item to the list of vulnerabilities: electric vehicle (EV) charging.

Marco De Vincenzi, a researcher at the Istituto di Informatica e Telematica (IIT) in Pisa, Italy, is trying to bring attention to this issue. He and his colleagues led a discussion on EV security and privacy vulnerabilities at the 2023 IEEE 97th Vehicular Technology Conference. The results of their presentation are highlighted a subsequent conference paper.

De Vincenzi notes that when people plug their EVs into charging stations, it’s not just power flowing through those cables. “These charging stations handle all sorts of data, from how you pay to your exact location,” he explains. “But here’s the kicker: the rules to keep this info secure? They’re like a door with no lock.”

When and How Are EVs Vulnerable to Hacking?

Imagine, for example, if an ill-intended attacker installed malicious software at public charging stations. They could theoretically get lots of information from your car, including your car’s ID, how you pay, and how much battery power is left. In particularly worrisome situations, they could use the connection between the charging station and the car as an entry point to access your car’s internal software system and meddle with it. “This puts the owner’s vehicle at risk of unauthorized access and control,” says De Vincenzi.

Although it makes sense for attackers to focus their efforts on public charging stations, where they could reach many people, private charging stations in people’s homes could allow attackers to access more personal information. With the right kind of attack, hackers could use the private charging