EMnify is hiring. Visit our careers page to see our open positions, and apply today!
    Jan, 26 2022

    Four Ways Cellular Connectivity Secures Your EV Chargers

    blog
    Share this post

    The future is electric and smart

    Electric vehicles (EV) are on the rise, making up about five percent of new car registrations in the US and over 20 percent in the European market. With EU legislation set to stop new registrations of internal combustion engine cars by 2035, the future can only be electric.

    Another thing that is certain is that EVs supply equipment (EVSE) such as chargers will be smart – no matter if at home, in residential and business areas, or on highways. The biggest reason is to protect the power grid from too many EVs being charged at the same time. Smart chargers are internet-connected with a central system that can influence the charging power or current of specific EVs.

    Smart chargers are vulnerable

    The biggest reason for smart chargers is also their biggest danger. Looking at recent security issues in electrical chargers [1][2], the exposure of EVSE in a vulnerable network can lead to attackers taking over total control of a charging station – issuing charging commands at will. Considering the Mirai botnet that infected millions of internet-connected devices which then brought down several Webservices by an orchestrated DDoS attack – an alike botnet by EV chargers whose power cycles are coordinated could deteriorate or bring down the power grid.

    While chargers can use Wi-Fi for connecting to the Internet, this option often puts a private individual in charge of safeguarding the last mile of network security. Wi-Fi is also especially susceptible to attacks: wrongly configured, poorly password-protected, or not regularly updated Wi-Fi routers can present an entry door for attackers – exposing the EV chargers on the public internet. In case of a power grid failure, the question is then whose responsibility (or liability) will it be? The private individual? The charger manufacturer? Operator? Or the person responsible for writing the backend or load-balancing software? 

    1. Taking control of EV charging security with cellular connectivity

    Using cellular connectivity to connect EV chargers gives the control over the last mile security back to the entity offering the EV charging service. The EV charger is completely separated from any local network and connects reliably over-the-air – ensuring there is no impact from any unsecured devices in the proximity. With the advent of connectivity providers that are dedicated to the Internet of Things (IoT), the lifetime cost for getting this additional security combined with the better reliable connection is only a fraction of the overall cost of a charger – and there are also other security and operational benefits that cellular has to offer.

    2. Overcome OCPP security shortcomings with a private cellular network

    The Open Charge Point Protocol (OCPP) is an open standard for EV charging stations which was published in 2011. OCPP version 1.5 and 1.6 have several shortcomings, especially in the versions 1.5 and 1.6 that are currently widely adopted:

    1. While OCPP is a standard, there are incompatible implementations. Only with version 1.6 and later manufacturers need to test the interoperability with other vendors as part of the Open Charge Alliance (OCA) certification. As the security measures in these versions have not been standardized, manufacturers often used their own security implementations.
    2. Only OCCP version 2.0 introduces a comprehensive security concept that provides a secure, encrypted communication channel that also allows authentication between charge point and charging station management systems. Nevertheless, only very few charging stations support OCCP2.0.

    3. Secure private DNS without changing charger firmware

    Public DNS services are one of the most common targets for attacks as they are used by any connected device to translate a hostname to an IP address. DNS attacks can cause amplified Distributed Denial of Service attacks (through DNS requests with forged source IPs) or reroute traffic to an evil host (through poisoning the DNS cache with wrong entries).

    Charge points that use cellular connectivity together with a private IPsec network do not need to use public DNS services. The charge point can communicate with a private DNS server in the CSP infrastructure that is completely protected against external attacks. Ensuring that all charge points – regardless of vendor or firmware version – use the private DNS can also be enforced by the cellular connectivity provider by offering custom DNS settings.

    4. More data visibility for security intrusion detection

    Operating a fleet of charge points can be a challenge – for example, trying to figure out when charge points have operational issues, are disconnected, or when there is someone misusing the device. Being able to feed all relevant information about data consumption, connectivity errors and traffic patterns to a central data repository gives charge point service providers full visibility. Simple alerting on data consumption and network errors can also serve as a base for intrusion detection.

    Summary

    Cellular connectivity is the most secure way to interconnect charge points from different vendors or OCCP versions. When choosing a cellular connectivity provider for your deployment, we suggest checking if your provider supports the following features to secure your chargers: IPsec, IMEI lock, custom private DNS setting, and a real-time data stream of connectivity data.

    At EMnify we use an automated IPsec setup, without the need for any private APNs as with regular operators, and we provide all the necessary features and 24/7 support that you need to run your charging solution successfully.

    Christian Henke

    Christian Henke

    If you want to understand how EMnify customers are using the platform Christian has the insights. With a clear vision to build the most reliable and secure cellular network that can be controlled by IoT businesses Christian is leading the EMnify product network team.

    Contact us today for a reliable and secure connection

    We value your privacy.