Could a hacker blow up your EV remotely?
Pagers and walkie-talkies can be turned into remotely triggered bombs — so why not electric vehicles?
That was my first thought when I read about last month’s coordinated attacks on Hezbollah — believed to have been orchestrated by Israel — in which pagers and walkie-talkies exploded across Lebanon, killing dozens and wounding thousands.
A thermal runaway event could be induced deliberately, even when the EV’s ‘ignition’ is off — especially if a hacker gained access to the vehicle’s battery management system.
While those devices appear to have been modified at some point during the supply chain, the principle behind turning them into deadly weapons is relatively simple: Heat the battery until it catches fire or explodes.
It could just as easily apply to EVs — as well as hybrids, plug-ins, or 48v cars, all of which use batteries much larger than in any handheld device.
Of course, these vehicles have a number of safety systems to prevent the battery from catching fire and overheating. But those safety systems run on software that can be hacked, especially since they are already years old by the time the vehicles are built and sold.
Roy Fridman, CEO and chief revenue officer for C2A Security, an Israel-based cybersecurity company focused on the automotive industry, recently said that one automaker told him that the software that controls a motor has two million lines of code. And that’s just the motor.
He stated, “You have hundreds of millions of lines of code inside a vehicle. If you were talking about autonomous vehicles, it’s even more. But the number of lines of code in a vehicle is continuously growing.”
This code is vulnerable to exploitation thanks to wireless connections to the internet (for software updates) and to charging infrastructure. Vehicle-to-grid technology, which allows EV owners to sell their energy storage capacity to grid operators, requires connection to the electricity grid.
“The more communication protocols you have, the more lines of code you have, the more you are susceptible to [hacking],” Fridman said.
We already know the technology exists to disable cars remotely. Cybersecurity experts are also worried that EVs could be hacked to steal drivers’ personal data.
As Fridman says, its plausible that someone could “create a battery overload and disable some of the protective mechanisms” within your car.
Lithium-ion batteries catch fire when they enter an uncontrolled, self-heating event called thermal runaway. Most often, it occurs due to damage or a defect in the battery. But such an event could be induced deliberately, even when the EV’s “ignition” is off — especially if a hacker gained access to the vehicle’s battery management system.
An overheated battery gives off toxic and flammable gases, which can cause an explosion. At the very least, it produces a smoldering, difficult-to-extinguish fire.
For more on this, see my video below: