Cybercriminals Target Electric Vehicle Chargers

As the digitisation and connectivity of cars increases and the prevalence of electric vehicles grows, so does their exposure to cyber risks, with potential data breaches, system manipulation and control, ransomware attacks, etc. being threatened.

Last year saw a 39% increase in the number of cyber-attacks against the automotive and smart mobility ecosystem and products. Thus, a total of 409 incidents were recorded in 2024.

These data are from the ‘2025 Automotive & Smart Mobility Cybersecurity Report’, prepared by Upstream, based on incidents recorded and analysed by the cybersecurity data company.

One of the most striking data is the increase in attacks on electric vehicle charging systems. The study reveals that attacks on electric vehicle chargers account for 6% of all incidents, compared to 4% in 2023.

Upstream believes that the need to accelerate the development of charging infrastructure to meet the growth of the EV market means that best practices and cybersecurity vulnerabilities are sometimes overlooked. In addition, he believes that electric car-specific regulations are advancing more slowly than the electric car market.

As such, he warns that chargers are vulnerable to physical and remote manipulation, so cyber criminals can control their functionality and expose EV users to fraud, data breaches and even ransomware attacks.

According to its analysis, nearly 6 out of 10 attacks on electric vehicle charging stations (59%) recorded in 2024 had the potential to affect millions of devices, including chargers, mobile apps, the cars themselves, etc. In addition, Upstream estimates that nearly 4 in 10 (37%) could have potentially affected thousands of devices.

For example, its researchers identified a security vulnerability in electric vehicle charging equipment in July 2024. This vulnerability allowed attackers to exploit power line communication (PLC) protocols to gain unauthorised access and disrupt car charging. In fact, researchers gained access to the network keys and digital addresses of the charger and the electric vehicle.

He also gives the example of a security flaw in an Italian charger brand that allowed unauthorised access to system logs, administrator privileges and the execution of arbitrary commands through the charger’s web administration interface.

Fortunately, the company located the problem and released a remote update to fix the security vulnerabilities in the firmware of its equipment.

This security breach allowed attackers to bypass the upload restrictions, access system configurations and launch denial of service attacks.

In any case, the study shows that ransomware attacks were the biggest problem for automotive and smart mobility security, with Upstream researchers identifying more than 100 attacks, accounting for almost a quarter of all incidents.

For example, it indicates that the European division of a South Korean automaker fell victim to a ransomware attack that disrupted its operations in February 2024. And in June 2024, another ransomware attack in the United States affected a provider of dealer management software used by 15,000 dealerships, resulting in a nationwide shutdown of operations for nearly three weeks.