Litcius/Paper detail

A cybersecurity risk assessment of electric vehicle mobile applications: findings and recommendations

Zia Muhammad, Zahid Anwar, Bilal Saleem

202313 citationsDOI

Abstract

Electric vehicles (EVs) are becoming increasingly prevalent, with many manufacturers and third-party developers creating mobile applications to manage and monitor their use. The security of these applications is critical, as they handle sensitive information such as vehicle location, statistics, and personally identifiable information (PII) stored in the mobile device. This research conducts a cybersecurity risk assessment of several popular applications developed by (1) EV manufacturers including Tesla, Mercedes, BMW, Nissan, and Volkswagen and (2) third-party developers such as EVConnect, EVgo, Plugshare, ChargeHub, and EV-Energy. Our findings reveal a range of security vulnerabilities, including insecure communication, lack of encryption for data transmission, and insecure data storage. The list of mobile permissions acquired by these applications and the potential consequences of a security breach are also discussed. Moreover, the article highlights additional features provided by third parties that are not available in applications developed by EV manufacturers and attract users into installing the same. Finally, safeguards and defensive controls are proposed for hardening these applications to prevent security incidents.

Topics & Concepts

Computer securityEncryptionComputer scienceElectric vehicleThird partyMobile deviceData breachInternet privacyWorld Wide WebQuantum mechanicsPhysicsPower (physics)Smart Grid Security and ResilienceGreen IT and SustainabilityElectric Vehicles and Infrastructure
A cybersecurity risk assessment of electric vehicle mobile applications: findings and recommendations | Litcius