With global electric vehicle (EV) adoption accelerating, electric vehicle supply equipment (EVSE) has become a critical component at the grid-edge and within modern mobility ecosystems. Yet, these networked systems, scattered across cities, highways, and homes, are often deployed without the hardened defenses typically found in enterprise IT networks.
Figure 1. Attack surfaces in EVSE span hardware, firmware, communications, backend systems, and grid interfaces.
As EVSE integrates more deeply with national grids and digital payment systems, its expanding attack surface introduces new challenges for automotive cybersecurity, safety, and reliability. These risks are the focus of “Electric Vehicle Supply Equipment Cybersecurity: Threat Landscape and the Road Ahead” a report developed by VicOne in collaboration with the American Center for Mobility (ACM).
Key findings
- Large-scale cyberattacks on EVSE have yet to occur, but research and ethical hacking competitions have revealed numerous exploitable vulnerabilities. At the Pwn2Own Automotive contests alone, over 50 zero-day vulnerabilities were discovered across major EVSE brands.
- Automotive threat intelligence platforms, such as VicOne’s xAurient, have observed a growing interest among cybercriminals targeting EVSE.
- Coordinated attacks on charging networks could disrupt power stability and endanger consumers.
- Compliance with standards is necessary, but it is not enough. A defense-in-depth strategy is required amid an evolving threat landscape.
While major incidents targeting EVSE infrastructure remain rare, this should not be mistaken for security. The vulnerabilities are real, and cybercriminals are watching — it’s not a matter of if, but when. Strengthening EVSE defenses today is the only way to safeguard tomorrow’s connected infrastructure.
Download “Electric Vehicle Supply Equipment Cybersecurity: Threat Landscape and the Road Ahead” to gain deeper insights into the evolving EVSE threat landscape and the strategies to mitigate them.
