Four Ways Cellular Connectivity Secures Your EV Chargers

26.01.2022

The future is electric and smart

Electric vehicles (EV) are on the rise, making up about five percent of new car registrations in the US and over 20 percent in the European market. With EU legislation set to stop new registrations of internal combustion engine cars by 2035, the future can only be electric.

Another certainty is that EV supply equipment (EVSE) such as chargers will be smart, whether at home, in residential and business areas, or on highways. The biggest reason is to protect the power grid from too many EVs being charged at the same time. Smart chargers are connected over the internet to a central system that can influence the charging power or current of specific EVs.

Smart chargers are vulnerable

The biggest reason for smart chargers is also their biggest danger. Looking at recent security issues in electrical chargers [1][2], exposing EVSE in a vulnerable network can lead to attackers taking total control of a charging station and issuing charging commands at will. Consider the Mirai botnet, which infected millions of internet-connected devices and then brought down several web services in an orchestrated DDoS attack: a similar botnet of EV chargers whose power cycles are coordinated could degrade or bring down the power grid.

While chargers can use Wi-Fi to connect to the internet, this option often puts a private individual in charge of safeguarding the last mile of network security. Wi-Fi is also especially susceptible to attacks: wrongly configured, poorly password-protected, or not regularly updated Wi-Fi routers can present an entry point for attackers, exposing the EV chargers on the public internet. In case of a power grid failure, the question is then whose responsibility (or liability) it will be. The private individual? The charger manufacturer? The operator? Or the person responsible for writing the backend or load-balancing software?

1. Taking control of EV charging security with cellular connectivity

Using cellular connectivity to connect EV chargers gives control over last-mile security back to the entity offering the EV charging service. The EV charger is completely separated from any local network and connects reliably over the air, so unsecured devices in the proximity have no impact on it. With the advent of connectivity providers that are dedicated to the Internet of Things (IoT), the lifetime cost of this additional security, combined with a more reliable connection, is only a fraction of the overall cost of a charger. Cellular also has other security and operational benefits to offer.

2. Overcome OCPP security shortcomings with a private cellular network

The Open Charge Point Protocol (OCPP) is an open standard for EV charging stations which was published in 2011. OCPP has several shortcomings, especially in versions 1.5 and 1.6, which are currently widely adopted:

  1. While OCPP is a standard, there are incompatible implementations. Only from version 1.6 onward do manufacturers need to test interoperability with other vendors as part of the Open Charge Alliance (OCA) certification. As the security measures in these versions have not been standardized, manufacturers often used their own security implementations.
  2. Only OCPP version 2.0 introduces a comprehensive security concept that provides a secure, encrypted communication channel and also allows authentication between charge points and charging station management systems. Nevertheless, only very few charging stations support OCPP 2.0.

3. Secure private DNS without changing charger firmware

Public DNS services are one of the most common targets for attacks as they are used by any connected device to translate a hostname to an IP address. DNS attacks can cause amplified Distributed Denial of Service attacks (through DNS requests with forged source IPs) or reroute traffic to an evil host (through poisoning the DNS cache with wrong entries).

Charge points that use cellular connectivity together with a private IPsec network do not need to use public DNS services. The charge point can communicate with a private DNS server in the CSP infrastructure that is completely protected against external attacks. Ensuring that all charge points – regardless of vendor or firmware version – use the private DNS can also be enforced by the cellular connectivity provider by offering custom DNS settings.

4. More data visibility for security intrusion detection

Operating a fleet of charge points can be a challenge – for example, trying to figure out when charge points have operational issues, are disconnected, or when there is someone misusing the device. Being able to feed all relevant information about data consumption, connectivity errors and traffic patterns to a central data repository gives charge point service providers full visibility. Simple alerting on data consumption and network errors can also serve as a base for intrusion detection.
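
The simple alerting described above, sketched as an added example (not emnify code and not part of the original article): a per-charge-point check that flags data-volume spikes against the device's own history and bursts of network errors. The record fields, thresholds and sample data are assumptions constructed for illustration.

```python
from collections import defaultdict
from statistics import median

# Constructed sample records: (charge point id, hour, bytes transferred, network errors).
# Field names and values are illustrative, not a provider's real stream format.
SAMPLE_RECORDS = [
    ("cp-001", 0, 41_000, 0), ("cp-001", 1, 39_500, 0), ("cp-001", 2, 40_200, 1),
    ("cp-001", 3, 42_100, 0), ("cp-001", 4, 2_750_000, 0),   # sudden traffic spike
    ("cp-002", 0, 38_000, 0), ("cp-002", 1, 37_200, 0), ("cp-002", 2, 36_900, 0),
    ("cp-002", 3, 0, 7),      ("cp-002", 4, 0, 9),           # silent, repeated errors
    ("cp-003", 0, 40_000, 0), ("cp-003", 1, 41_300, 0), ("cp-003", 2, 39_800, 0),
    ("cp-003", 3, 40_900, 1), ("cp-003", 4, 43_000, 0),      # normal behaviour
]

def detect_anomalies(records, volume_factor=5.0, min_history=3, error_limit=5):
    """Return a list of (device, hour, reason) alerts.

    A window is flagged when its byte count exceeds volume_factor times the
    median of that device's earlier windows, or when its error count
    reaches error_limit. Flagged windows are kept out of the baseline so an
    ongoing anomaly does not become the new normal.
    """
    history = defaultdict(list)   # device -> byte counts of unflagged windows
    alerts = []
    for device, hour, nbytes, errors in sorted(records, key=lambda r: (r[0], r[1])):
        flagged = False
        past = history[device]
        if len(past) >= min_history:
            baseline = median(past)
            if baseline > 0 and nbytes > volume_factor * baseline:
                alerts.append((device, hour, "data_volume_spike"))
                flagged = True
        if errors >= error_limit:
            alerts.append((device, hour, "network_error_burst"))
            flagged = True
        if not flagged:
            history[device].append(nbytes)
    return alerts

if __name__ == "__main__":
    for alert in detect_anomalies(SAMPLE_RECORDS):
        print(alert)
```

Using the median of a device's own earlier windows keeps one noisy hour from shifting the baseline, and the `min_history` guard avoids alerting on a newly deployed charge point before it has a baseline.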

Summary

Cellular connectivity is the most secure way to interconnect charge points from different vendors or OCPP versions. When choosing a cellular connectivity provider for your deployment, we suggest checking if your provider supports the following features to secure your chargers: IPsec, IMEI lock, custom private DNS setting, and a real-time data stream of connectivity data.

At emnify we use an automated IPsec setup, without the need for any private APNs as with regular operators, and we provide all the necessary features and 24/7 support that you need to run your charging solution successfully.
