Privacy and Cybersecurity in EVs
Electric vehicles offer a range of important environmental and cost of ownership advantages over traditional cars and trucks. Those benefits come with some inherent drawbacks, with range getting the most publicity. Privacy and security are also serious concerns.
Privacy and Cybersecurity in EV
EVs are connected devices, equipped with a stunning amount of technology. Today’s fossil fuel cars are already tech-heavy, relying on thousands of sensors, GPS tools and connected apps. All of that tech carries over to new EVs, which also include:
Battery-related software – This software optimizes battery efficacies, manages charging and power flow, and constantly evaluates energy consumption.
Vehicle telematics – EVs generate reams of data that is shared in real-time with vehicle manufacturers. From trip history to braking performance, these myriad data inputs are delivered to manufacturers via proprietary apps.
Security Breaches Are Already a Problem
Since 2019, hackers have successfully accessed customer data and taken control of several EVs made by Tesla, Ferrari, Mercedes-Benz, and other brands. Some of these EV cybersecurity breaches were intentional; ethical hackers have assisted manufacturers in identifying vulnerabilities.
In one scenario, a hacker was able to take control of dozens of Tesla digital car keys using a third-party app. The hacker was able to unlock doors and disable the vehicle’s security system. Equally concerning was the lack of detection. Neither Tesla or the third-party app was aware of the breach, which would have granted the hacker long-term access to vehicles.
Ethical hackers have used apps like Sirius XM and single sign-on (SSO) API vulnerabilities to access manufacturer employee records, pose as representatives of EV companies, access mountains of customer data, and access internal controls of EVs across the globe.
Data in the Wrong Hands
Nefarious actions by hackers aside, there are plenty of privacy concerns surrounding the manufacturers themselves. EV manufacturers have ready access to incredible amounts of customer data, including in-cabin camera footage and facial recognition technologies. Tesla already faces a class action lawsuit in Illinois. The complaint alleges that Tesla failed to obtain customer consent to using facial recognition as a part of its self-driving mode and has yet to publish its policies on how it handles that data, a clear violation of the Biometric Information Privacy Act.
Mitigating Cyber Security Risks in EVs
The NHTSA has established its Cybersecurity Best Practices for the Safety of Modern Vehicles. The guidelines are non-binding and provide guidance for EVs and fossil-fuel vehicles, but they serve as one of the few industry benchmarks on gathering and protecting user data.
Some of the recommendations include:
Risk-based prioritization of protection for safety-critical vehicle control systems and sensitive information
Timely detection and rapid response to potential threats and incidents
Rapid recovery when attacks do occur
Methods for accelerating the adoption of lessons learned across the industry, including effective information sharing
Building Privacy into EV Design
The most effective way to reduce cybersecurity concerns is adopt a privacy-first approach to vehicle and application design. Manufacturers need to identify existing data security regulations and anticipate a tightening regulatory landscape through the design phase of EV production. Several states have comprehensive privacy laws that make manufacturers responsible for obtaining consent and establishing strict privacy practices or face prosecution.
EVs Are Data-Driven; So Are We
From in-vehicle data collection to providing a safe and securing charging experience, every aspect of the EV ecosystem requires a privacy-first approach. Throughout installation and management, we support forward-thinking businesses with reliable and secure EV charging installation services you can count on. Speak with a Keen Technical Solutions representative today to get started.