Emerging Cybersecurity and Privacy Threats to Electric Vehicles and Their Impact on Human and Environmental Sustainability

Abstract

With the global energy crisis, increasing demand, and a national-level emphasis on electric vehicles (EVs), numerous innovations are being witnessed throughout the EV industry. EVs are equipped with sensors that maintain a sustainable environment for the betterment of society and enhance human sustainability. However, at the same time, as is the case for any new digital technology, they are susceptible to threats to security and privacy. Recent incidents demonstrate that these sensors have been misused for car and energy theft, financial fraud, data compromise, and have caused severe health and safety problems, amongst other things. To the best of our knowledge, this paper provides a first systematic analysis of EV sustainability, digital technologies that enhance sustainability, their potential cybersecurity threats, and corresponding defense. Firstly, three robust taxonomies have been presented to identify the dangers that can affect long-term sustainability domains, including (1) life and well-being, (2) safe environment, and (3) innovation and development. Second, this research measures the impact of cybersecurity threats on EVs and correspondingly to their sustainability goals. Third, it details the extent to which specific security controls can mitigate these threats, thereby allowing for a smooth transition toward secure and sustainable future smart cities.

1. Introduction

Current technology evolution is a gradual step toward intelligent transportation systems (ITS) and smart cities. With incremental technological improvements, human reliance on the internet of things (IoT) has increased enormously. The IoT market is projected to grow by 194 billion US dollars, and the number of connected devices is estimated to grow to 525 billion by the end of 2027 [1]. This gradual adoption of IoT is due to its compatibility, ease of integration into EVs, road safety equipment, traffic controls, and intelligent transportation [2]. Currently, the world is facing a fuel crisis, and the global community is looking for alternative ways to use renewable energy sources and green energy to meet energy consumption needs. This drastic shift is a leading case for the enormous growth of EVs. In recent years, there has been a tremendous increase in EV sales and global acceptance of EVs around the world [3,4,5]. One of the main drivers of this smooth transition is the acceptance of innovation and trust in technology. By improving the efficiency of EVs, the transportation industry can be more environmentally friendly, productive, and agile.

1.1. Motivation

EVs facilitate drivers, maintain roadside safety, and improve sustainability by preventing injuries and reducing accidents [6,7]. However, on the other hand, user data security and privacy concerns are increasing with the embedded sensors that collect information such as personal identifiable information (PII), financial, health, charging logs, driving habits, video, location coordinates, and car-related data [8]. There are also many potential cyber threats to vehicular technology, such as third-party application libraries, identity thefts, private data breaches, cryptojackings [9], and ransomware [10]. Due to these threats, the confidentiality and privacy of user data is at continued risk [11]. This means that the more we try to make EVs sustainable by introducing cameras, tracking devices, and sensors, the more vulnerable we become to cybersecurity threats that target these sensors.

1.2. Challanges

The challenges arise because cybersecurity and sustainability are two different domains. Sustainability is related to the ecological balance between the environment, economic growth, and social well-being [12,13,14], while cybersecurity is the practice of protecting networks, systems, and programs from cyber-attacks. The importance of both domains cannot be denied. Sustainability researchers work on structural and economic components, such as reducing the time to market for EVs, minimizing costs, and introducing new sensors for environmental suitability. Therefore, new technology is introduced at a rapid pace, but their security controls are limited and may not be defined with the required pace that competes with the production rate [15]. This is because cybersecurity experts conduct limited studies in domains of sustainability; therefore, there is a research gap in the industry [16]. EV manufacturing is a big industry with a huge cash flow. Still, there is limited research available, and very few efforts are made to define guidelines and standards that highlight how to achieve sustainability without compromising cybersecurity. Hence, it is necessary to define the suitability aspects of EV sensors in comparison to their potential cyber threats and vulnerabilities. There is also a need to find a correlation between the sustainability of EVs and cyber threats targeting these EVs [17].

There are many types of sensors that, if properly used inside EVs, can help achieve certain sustainability goals; however, sensors have overlapping requirements and vulnerabilities, and it is not known which sensors affect or facilitate us to achieve what kind of sustainability goals. There exists no mapping between these sensors and the sustainability goals that they tend to achieve; therefore, there is a strong need to define a mapping between the cybersecurity challenges of sensors and their impact on sustainability. When we have these types of mapping, companies can direct their budget, efforts, and research toward developing security-hardened sensors that achieve a particular sustainability goal.

1.3. Methodology

To address these challenges, a survey of the current literature has been performed in the field of cybersecurity and three main domains of sustainability, including (1) life and well-being, (2) safe environment, and (3) innovation and development. Additionally, seventeen different types of EV sensors were surveyed, and their impacts were mapped to the appropriate sustainability domain. Twelve cybersecurity threats were indentified that can affect EV sensors and may lead to cyber attacks if exploited. Finally, the article proposes thirty-five security controls that can be used to secure EVs from cyber threats. To this effect, three taxonomies have been introduced: (1) sensor-to-sustainability, (2) threats-to-sensors, and (3) defenses-to-threats. These taxonomies classify multiple EV sensors into different domains of sustainability, visualize multiple cyber threats targeting sensors, and provide safeguards to defend against cyber threats.

1.4. Contribution

1.

The article serves as a resource for cybersecurity and sustainability researchers, as well as EV manufacturers, by providing domain knowledge and insights into cybersecurity challenges and approaches for minimizing the impact of cyber threats on the sustainability benefits of EV technology.

2.

The research proposes a novel sustainability–sensors–threats–controls taxonomy that firstly provides a benchmark for measuring the level of achievement in meeting sustainability goals by the types of sensors deployed in an EV. Second, it describes how much effort needs to be allocated for defending against cyber threats that a sensor presents.

1.5. Paper Organization

The paper is categorized into the following sections: Section 2 provides a survey and comparative analysis of recent studies on the chosen topic. Section 3 provides details on environmental sustainability and EV sensors. Section 4 highlights emerging cyber threats and past cyber attacks. Section 5 provides details of security controls that can be used to defend and make EVs secure. Section 6 contains current issues and open challenges. Section 7 concludes the paper and provides future directions.

2. Literature Review

The section provides current studies and highlights contemporary efforts that were reviewed during the research work. Recent research studies are comparatively analyzed based on their significant contributions, critical points, research focus, advantages, and limitations in

Table 1. Comparative analysis of various dimensions of existing studies.

Author	Cyber Threats	Human Impact	Environmental Sustainability	Applications	Open Issues
Othman et al. [18]	✕	✓	✓	✓	✕
Silva et al. [19]	✕	✕	✓	✕	✓
Hataba et al. [20]	✓	✕	✕	✓	✕
Ahmed et al. [21]	✕	✕	✓	✓	✓
Alam et al. [22]	✕	✕	✓	✓	✓
Bathla et al. [23]	✓	✓	✕	✕	✕
Bharat. et al. [24]	✓	✕	✓	✕	✓
Kim et al. [25]	✓	✕	✕	✓	✕
Underlined article	✓	✓	✓	✓	✓

. The table also compares this article with previous efforts.

The growing use of sensors has been seen in both traditional internal combustion engine (ICE) vehicles as well as electric vehicles for increased monitoring, control, and optimization. However, the latter has comparatively more sensors than an ICE. According to research estimates [26], there are roughly around 1000 chips in a non-electric vehicle and twice as many in an electric one. In fact, the growing demand of electric vehicles in the year 2021–2022 saw a chip shortage in the USA [27]. Furthermore, sensors used in EVs tend to be more advanced in terms of circuitry, interfaces and resolution as compared to their ICE counterparts. While the ideas proposed in this research apply to both ICEs as well as EVs, the article specially targets EVs as its research target more so because unlike traditional ICEs, electric vehicles are being promoted by governments worldwide as a viable solution for environmental sustainability.

Given these considerations, we believe that electric vehicles are a particularly relevant and interesting research target, as they have the potential to significantly impact the sustainability of transportation systems and require careful attention to cybersecurity. Our research aims to explore the internal relationship between these issues in order to inform the development of more sustainable and secure electric vehicles.

Othman et al. [18] focus on implementing the safety characteristics of EVs, assessing their impact on public health and social well-being, and also highlighting the ways EVs evolve into autonomous vehicles that facilitate human life and future generations. Silva et al. [19] work on the environmental impact of EVs. The researchers explored the impact of EVs in terms of gas emissions, air quality index, traffic flow, soil impact, and noise pollution. Similarly, Hataba et al. [20] identified potential privacy problems, security issues, and cyber threats in autonomous vehicles. These researchers highlight data collection points, security challenges, cyber breaches and proposed a possible way to minimize and defend against these threats. Examples of attacks analyzed include traffic flow attacks, platooning, carpooling, and parking attack scenarios.

Ahmed et al. [21] surveyed EVs and their support for advanced driving assistance systems (ADAS) to highlight the advantages, limitations, and how this technology impacts the vehicle driver. The authors also highlighted practical applications of vehicles, laws of federal governance, legislation, and regulations. In another research, Alam and Georgakis [22] performed a comparative analysis of inter-connected EVs and covered multiple aspects of intelligent mobility management, such as traffic projection, message communication, and environmental impacts. The authors also highlighted the possible future impact of small-scale networks that the author constructed using simulations of traffic streams.

Bathla et al. [23] surveyed smart vehicles and highlighted their practical applications, current challenges, and future opportunities. The authors also discussed the effects of the smart automotive industry on public health and safety as well as current cybersecurity challenges and privacy issues. Bharathidasan et al. [24] conducted a systematic review of the drastic change in the transportation sector to highlight energy trends, technological requirements, and cybersecurity issues. The article focuses on integrating EVs with renewable energy sources, highlighting global scenarios of an energy crisis, and discusses open issues. Finally, Kim et al. [25] published an article covering the cybersecurity issues of autonomous vehicles by demonstrating possible attack scenarios. The authors highlighted potential security flaws and vulnerabilities that lead to exploitation and affect driver safety. The authors also provided a research pathway for defending against certain EV attacks using AI and machine learning techniques.

The research works compared in Table 1 are significant efforts that cover the wide domain of cybersecurity and sustainability. During the research, we were unable to find articles that build relationships, depict and taxonomize cybersecurity challenges with sustainability. To the best of our knowledge, this is the first systematic analysis that addresses the limitations of current works. This is achieved by extracting information about different EV sensors, cyber threats, and security defenses from the literature and then categorizing, mapping, and establishing a relationship between them to facilitate readers for an easier comprehension of how these domains relate.

3. Sustainability Impact of EVs

Sustainability is the ability to meet the needs of the present world without compromising the needs of future generations. In terms of EVs, sustainability refers to the ability of EVs to be a viable and environmentally friendly alternative to traditional gasoline-powered vehicles [28,29]. This means that EVs should be able to fully meet the transportation needs of people without negatively impacting the environment or depleting natural resources [30].

Various types of sensors in EVs play a vital role in making EVs more sustainable. Each sensor is designed to achieve a certain task, such as forward collision avoidance, emergency braking, vehicular communication, and street sign recognition. Figure 1 provides an illustration of multiple sensors that makes EVs more sustainable and helps improve vehicle safety. Sensors collect information about the vehicle’s surroundings and assist the vehicle’s driving system, which can in turn help reduce the risk of accidents.

EVs serve in multiple domains of sustainability, and on a broader level, sustainability can be divided into three major domains (also sometimes referred to as sustainability goals) such as (1) life and well-being, (2) safe environment, and (3) innovation and development [28,31].

• Life and well-being: EVs reduce roadside accidents, minimum global deaths, ensure passenger safety, and provide ease for drivers [32]. Moreover, EVs reduce environmental health hazards as they help to improve the quality of life for people living in urban areas, where air pollution is often a major concern. The first sustainability goal, life and well-being, further divides into two subdomains as (1) reduction of death rate and (2) ease and accessibility.
• Safe environment: EVs also have a positive impact on the environment because they do not produce any greenhouse gas emissions, which are a major contributor to climate change. In addition, EVs are often more energy efficient than gasoline-powered vehicles, which can help reduce reliance on fossil fuels and the associated environmental impacts. The second sustainability goal, safe environment, further divides into three subdomains as (1) roadside safety, (2) intelligent transportation, and (3) eco-friendliness.
• Innovation and development: EV manufacturers are working to introduce innovation and cater to challenges through improved models that have longer battery life and are safer to drive. EVs have multiple sensors that help to improve fuel economy, minimize travel time, reduce congestion and drive innovation and development in the transportation sector. For example, the development of new technologies and infrastructure, such as charging stations, can help support the growth of the electric vehicle market and improve the overall sustainability of the transportation system. This third sustainability goal, innovation and development, is further divided into three subdomains as (1) improved fuel economy, (2) minimize travel time, and (3) reduce congestion.

The discussed domains and subdomains of sustainability are systematically visualized in the first taxonomy named sensor-to-sustainability in Figure 2. The taxonomy has two parts; part one classifies three main domains of sustainability as life and well-being, safe environment, and innovation and development, which are further broken up into subdomains. Part two then maps these domains to the various sensors designed by EV manufacturers that can help achieve these sustainability goals. For example, death rate due to accidents (a sustainability goal) can be achieved by installing forward collision avoidance sensors.

The predicate logic representation of the taxonomy has been presented in Equation (1).

$$S\Rightarrow S^{\prime }$$

(1)

$$\begin{array}{ccc}\hfill \mathit{S}& \hfill =\hfill & \{sensor1,sensor2,sensor3,\dots \}\hfill \\ \hfill {\mathit{S}}^{\prime }& \hfill =\hfill & \{domain1,domain2,domain3,\dots \}\hfill \end{array}$$

In the given equation, (S) is used for the set of chosen sensors illustrated in Figure 1, and (S′) is a set of sustainability domains. Thus, the given equation can be interpreted as the set of sensors (S) implies the domains of sustainability that they help achieve (S′). For the underlined scenario, we are considering three domains of sustainability and 17 EV sensors, but this set can be extended as per requirements. A detailed overview of the sustainability domain and EV sensors is added in the subsequent subsection.

3.1. Life and Well-Being (First Goal of Sustainability)

EVs detect the environment through multiple sensors and take certain actions that address different aspects of life and well-being, such as (1) reduction of death rate and (2) ease and accessibility.

3.1.1. Reduction of Death Rate

In 2021, 42,915 road accidents occurred in the USA alone [33]. These accidents cause severe injury to not only vehicle passengers and drivers but also pedestrians passing by [34]. EVs can help reduce deaths from transportation-related causes in several ways. First, because EVs produce zero emissions, they can help reduce air pollution, which is a major contributor to respiratory illnesses and other health problems [35]. Second, EVs are generally quieter than gasoline-powered vehicles, which can help reduce noise pollution, which has been linked to an increased risk of heart disease and other health problems [36]. Finally, EVs can help reduce traffic accidents because they are often equipped with advanced safety sensors that can help make roads safer for everyone [37,38]. The following provide an overview of the sensors that may reduce traffic deaths.

(i)

Forward collision avoidance: Front-mounted sensors are designed to detect and avoid forward collisions with other vehicles and road objects. This is achieved by decreasing the speed and increasing the braking force [39]. Forward-facing sensors include radar, camera, or any other laser-based sensor.

(ii)

Adaptive cruise control (ACC): ACC is a safety framework that automatically controls the acceleration and braking of a vehicle [40]. The framework automatically adjusts the speed of the vehicle with the car in front and maintains a safe distance. If the car ahead slows down, the ACC automatically slows down to match it.

(iii)

Automatic emergency braking (AEB): AEB is a safety feature that detects and identifies possible collisions. It automatically activates the brakes to slow down and even stop moving vehicles before the crash [41].

3.1.2. Ease and Accessibility

EVs provide ease and accessibility in a number of ways. They are generally easier to drive, with smooth acceleration and a quiet, comfortable ride as compared to conventional vehicles. Additionally, EVs are often equipped with technology such as touchscreens and voice-activated assistants, which can make EVs easier and more convenient to use. Moreover, EVs provide ease to passengers with driving assistance and accessibility features for disabled and visually impaired people.

(i)

Parking assist: The vehicle parking assistance system uses a variety of sensors and cameras around the vehicle to calculate the parking space and park appropriately within the space available [42]. Autonomous vehicles provide an easy interface for parking assistance; There is a button inside the vehicle to implement the framework. As soon as the button is pressed, the sensors will begin checking for space sufficient for the vehicle to be parked safely [43].

(ii)

Backup cameras: Some EVs come with preinstalled rear-facing backup cameras that provide a precise view of the rear field and visualize the front view and blind spots. EVs have multiple backup cameras in different positions that are mounted to save lives, reduce vehicle-related crashes, and prevent injuries [44].

3.2. Safe Environment (Second Goal of Sustainability)

EVs are equipped with sensors that allow the vehicle to “see” its surroundings and identify objects such as other vehicles, pedestrians, and traffic signs. The vehicle’s computer can then use this information to decide how to navigate the road safely. Safe endowment is further classified into three subgoals of sustainability such as (1) roadside safety, (2) intelligent transportation, and (3) eco-friendliness as follows:

3.2.1. Roadside Safety

(i)

Street sign recognition: Street sign recognition is a framework that perceives street signs and reflects the intended action [45]. The instructions are normally shown on a dashboard screen. The framework traditionally utilizes a forward-looking camera placed behind the windshield to “look for” street signs. Most EVs use ADAS cameras that are front-mounted and efficient in detecting and capturing images of street signs, roads, pedestrians, vehicles, and other roadside objects [46].

(ii)

Automatic Emergency Braking System (AEBS): AEBS is a security framework that takes automated action in applying brakes before a crash to slow or stop a vehicle to avoid serious impact. AEBS uses radars, cameras, or LIDAR technology to operate and tackle dangerous situations [47].

(iii)

Light detection and ranging (LIDAR): LIDAR is used to determine how far something is from the vehicle. It is basically a distance-measuring unit that uses light signals for accurate positioning and for obtaining distance information [48]. This enables EVs to precisely detect still and moving objects even in low light conditions and challenging weather.

(iv)

Radio detection and ranging (RADAR): A RADAR is an electromagnetic sensor used to recognize, find, track and distinguish different objects over impressive distances. It works by sending electromagnetic energy to targets [49]. RADAR is used to identify the location, velocity, and angle of an object.

LIDAR and RADAR are used to achieve the same goal of object detection [50]. They can be used together or individually, depending on the circumstances. They differ in that RADAR works on radio waves using either a fixed or rotating antenna having a large wavelength, while LIDAR uses laser light beams and is capable of building 3D models having a smaller wavelength [51].

(v)

Ultrasonic sensors: An ultrasonic sensor is used to measure the distance from an objective by producing ultrasonic waves. It has two fundamental parts: a transmitter (which delivers sound) and a recipient (which experiences the sound after it travels to and bounces off the objective). These sensors and sonars are used in EVs for navigation and range assistance [52]. Moreover, the feature is helpful in vehicle parking and nearby object discovery.

3.2.2. Intelligent Transportation

(i)

Central computer: A central computer is a powerful processing unit that controls the vital computation-related functions of EVs. These functions include deceleration, object detection, collision avoidance, lighting, window control, environmental control, speeding, and acceleration, among other things, and the central computer is involved in making some decisions involving the vehicle’s drive [53].

(ii)

Cell technology: Cell technology allows mobile communication based on a two-way radio system that transmits and receives data from a mobile unit to a wireless network. EVs use radio channels for minimal interference during communication [54].

3.2.3. Eco-Friendliness

(i)

Emission sensors: EVs minimize hazardous and harmful emissions and are therefore considered eco-friendly vehicles. They tend to reduce noise pollution and allow for good fuel economy [55]. Importantly, fewer repairs are needed due to the lower number of vehicle parts. Just one electric car saves an average amount of 1.5 million grams of CO₂ per year. This is approximately equivalent to four return flights from Barcelona to London. An increasing percentage of EVs can cause a significant drop in harmful emissions [56]. More recent EVs models are revolutionary as they are close to zero-emissions producing virtually no exhaust from the onboard power source.

3.3. Innovation and Development (Third Goal of Sustainability)

With the growing popularity of EVs, many car manufacturers work hard to innovate and cater to the many challenges related to the drive. Multiple improved models and infrastructures have been produced that significantly benefit drivers and maintain a longer battery life. The research innovations also reduce pollutants that are harmful to the climate, such as hydrocarbons, carbon monoxide, ozone, lead, and different nitrogen oxide emissions [57] Innovation and development is further classified into three subgoals of sustainability as (1) improved fuel economy, (2) minimize travel time, and (3) reduce congestion.

3.3.1. Improved Fuel Economy

Fossil fuel is not a renewable resource, and its production is not consistent with the demand. Continuous economic growth, increasing dependence, uncontrolled gasoline appliances, and global conflict are creating crises for production [58]. This gradual movement toward EVs will reduce fuel dependency and create a better impact on the global economy.

3.3.2. Minimize Travel Time

EVs can minimize travel time by providing a more efficient means of transportation as compared to traditional vehicles. EVs are equipped with advanced navigation systems that can help drivers find the most efficient routes to their destinations. EVs are also capable of reaching higher speeds than traditional vehicles, allowing them to get from point A to point B faster. Owing to ongoing innovation, we may see regenerative braking systems that can convert the energy generated when braking back into electricity, helping to extend the range of the vehicle and minimize the stops needed for recharging. Presently, most traffic speeds depend on speed limits, traffic signs, roadside infrastructure, ramps, and junctions, which EVs will be able to incorporate as parameters for highly accurate trip time calculations to suggest alternative routes and further reduce travel time.

(i)

Global positioning system (GPS): GPS is a satellite-based radio navigation framework that is used to identify the location. It is available in vehicles for accurate positioning, route finding, time estimation, and traffic information [59].

(ii)

Electronic stability control (ESC): ESC is responsible for allowing for vehicle stability when making sharp turns and is especially effective under adverse conditions such as rain and snow, abrupt movements such as by animals on the road, and other similar circumstances. It ensures that the path is followed properly and activates the brakes to assist and control the vehicle while driving in slippery conditions [60]. ESC is one of the key dynamic security frameworks widely introduced around the world in all types of vehicles by manufacturers [61].

3.3.3. Reduce Congestion

As a critical component of traffic flow, vehicles play a vital role in the road traffic system. The transportation department finds the effect of autonomous vehicles on the capacity of highway sections and traffic signal intersections. With the electric vehicle autopilot mode and driving assistance, the quality of the journey will be better, fewer brakes will be applied, traffic rules will be followed, and alternative routes will be provided, so there is the possibility of enhancing the speed of traffic flow, and eventually reduce congestion and road blockages [62].

(i)

Lane detection: Lane detection sensors are often used in EVs to help the vehicle stay within its lane on the road and avoid collisions. These sensors are typically part of the vehicle’s advanced driver assistance system (ADAS), which is a suite of technologies designed to improve safety and driving performance [63]. If the vehicle begins to drift out of its lane, the sensors can alert the driver and/or take corrective action, such as applying the brakes or steering the vehicle back into the lane.

(ii)

Short-range radio (SRD): SRD is a radio transmitter unit that performs short-range communication using low power. It is helpful for communicating with other vehicles, roadside components, and other objects [64].

(iii)

Vehicle communication: The vehicular communication system is a radio network through which multiple vehicles and roadside units can communicate and exchange information. The information includes road signals, safety warnings, turn indicators, path priority, and traffic information. This kind of information is effective in avoiding road accidents, potential path findings, and mitigating traffic congestion. On a broader level, the communication is called vehicle-to-everything (V2X) communication [65]. The V2V communication happens using vehicular ad hoc networks (VANETs) or short-range radio. These are wireless networks through which vehicles can communicate and share information about the position, speed, stability, braking, direction, and urgency of the driving. Figure 3 provides an illustration of communication between vehicles and other components. V2X is divided into subcategories based on the sender and receiver, such as infrastructure, grid, vehicle, network, device, and pedestrians.

3.4. Implementation of Vehicle-to-Everything (V2X) Communication

Vehicle-to-Everything (V2X) communication is a set of technologies that allows vehicles to communicate. There are two main types of V2X communication: short range and long range [66].

Short-range V2X communication is typically based on technologies such as Zigbee or infrared. These have a limited range, usually less than 100 m, but are able to transmit data at high speeds and with low latency [67]. This is useful for applications such as cooperative collision avoidance, where vehicles need to quickly exchange information about their location and speed in order to avoid collisions.

Long-range V2X communication is typically based on cellular technologies such as 4G, 5G, and 6G. These technologies have a much larger range, usually several kilometers, but have higher latency and lower data rates [66]. This is useful for applications such as traffic management, where vehicles need to send and receive information about traffic conditions over a large area.

Moreover, some integrated circuits (ICs) are being introduced specifically to enable V2X communication [68]. These include dedicated communication modules that can be integrated into a vehicle’s onboard systems, providing an off-the-shelf solution. These ICs will be able to handle various communication technologies and protocols and are expected to provide a more efficient and cost-effective way of implementing V2X communication.

(1)

Vehicle-to-Infrastructure (V2I) is a communication that allows vehicles to share data with roadside components, including but not limited to radio frequency identification (RFID) readers, traffic lights, cameras, lane markers, and signs.

(2)

Vehicle-to-Grid (V2G) communication is fundamental to smart charging but goes a step further. It also allows for the transfer of unused power stored in the batteries of cars. This power can be fed back into the grid to allow for efficient use of energy.

(3)

Vehicle-to-Vehicle (V2V) performs wireless transmission between different vehicles. Mostly, it utilizes an ad hoc mesh network or short-range radio to perform communication. Information-sharing includes but is not limited to car speed, braking, position, stability, and direction of travel.

(4)

Vehicle-to-Network (V2N) facilitates information exchange between multiple networks, including vehicles, lane markings, traffic lights, and other road infrastructure.

(5)

The Vehicle-to-Device (V2D) communication system is responsible for the exchange of data between a vehicle and any other electronic device that may be connected.

(6)

The Vehicle-to-Pedestrian (V2P) platform allows vehicle-to-pedestrian communication. This feature is fully applicable when smart road infrastructure is implemented. The key features proposed for V2P include information for children, individuals on bicycles, wheelchairs, and passengers.

4. Cyber Threats and Privacy Issues

The increasing use of sensors in EVs is creating cyber threats and privacy issues due to the sensitivity of the data collected and stored. Sensors collect various information, including driver and passenger identification, location data, and vehicle performance metrics, which can be used for malicious purposes [69]. Additionally, malicious actors can exploit software vulnerabilities to gain access to vehicle systems and take control of the car [70].

Threats and problems targeting sensors in EVs are not new. In the past, there have been several cases in which vehicle manufacturers have had to recall vehicles due to defects in electronic components. For example, in 2015, Tesla recalled 90,000 Model S sedans due to a faulty charging system that posed a fire risk [71]. Honda also had to recall over 1 million vehicles due to a defect in the airbag inflator system [72]. In April 2018, Tesla recalled over 123,000 vehicles due to a potential defect in the driver’s side airbag inflator that could cause it to deploy unexpectedly [73]. Similarly, Fiat Chrysler automobiles recalled nearly 350,000 vehicles due to a software bug that could cause ignition problems [74]. In May 2019, Toyota recalled nearly 1.4 million vehicles due to a software defect that could cause the engine to stall or the airbags to deploy unexpectedly [75].

These recalls were made because EVs are equipped with sensors, and some of these sensors have larger attack surfaces due to their utilization of third-party software, faulty hardware, or limited software and hardware quality assurance testing. Some of these sensors are also vulnerable to cyber threats such as malware, remote access, zero-day exploits and intentional flaws introduced during manufacturing, and embedded system flaws [20,76]. Figure 4 provides an illustration of multiple cyber threats that, if vulnerable or exploited, can lead to cyber-attacks and cause severe damage to vehicle owners and manufacturers. The figure is labeled into twelve categories; the detailed impact of these threats on EV sensors has been discussed in subsequent subsections.

Although all of these threats discussed are directed at EVs, what is less known is that they also affect long-term sustainability goals. Therefore, to understand how these cyber threats impact sustainability, we provide a detailed explanation. Previously, in Section 3, we introduced the first taxonomy (sensor-to-sustainability) in Figure 2 that mapped different EV sensor categories into the three sustainability goals that they help achieve. Next, in this section, a second taxonomy (threats-to-sensors) has been introduced in Figure 5 that visualizes different cyber threats that target EV sensors.

A logical relationship has been represented in Equation (2). The equation formally represents using predicate logic notation a relationship between important entities in an EV environment: namely, the sensors deployed and the threats they present.

In this equation, T represents a set of all threats targeting a set S of all sensors used in EVs deployed to maintain sustainability. A survey of the most common threats and their corresponding sensors was conducted, and a taxonomy diagram (threats-to-sensors) was created to visualize their mappings. This has been illustrated in Figure 5.

$$T\Rightarrow S$$

(2)

$$\begin{array}{ccc}\hfill \mathit{T}& \hfill =\hfill & \{threat1,threat2,threat3,\dots \}\hfill \\ \hfill \mathit{S}& \hfill =\hfill & \{sensor1,sensor2,sensor3,\dots \}\hfill \end{array}$$

The intention is that future researchers can utilize these two taxonomies together to identify those threats that, if materialized, would negatively impact the achievement of the sustainability domains of life, well-being, safe environment, innovation, and development.

To understand how cyber threats affect sustainability, a transitive property (also called transitive Law [77]) is applied to Equations (1) and (2), which states that if a threat $t\in T$ impacts a sensor $s\in S$ and s improves sustainability domain $s^{\prime }\in S^{\prime }$ then t also impacts $s^{\prime }$. Logically, this can be written as (T ⇒ S) and (S ⇒ S′), therefore (T ⇒ S′).

Applying the transitive property on Equations (1) and (2), we get Equation (3).

$$T\Rightarrow S^{\prime }$$

(3)

This demonstrates that threats will not only impact EV sensors but will also affect long-term sustainability goals.

4.1. Malware

Malware refers to malicious software designed to harm a computer system. We are seeing an emergence of certain types of malware specifically targeting EVs. Malware that targets EVs can be categorized into four types, which are spyware, trojan, ransomware, and cryptojackers. The most common type of malware is ransomware [78]. In the past, hackers hit San Francisco transport systems and demanded 100 Bitcoins in ransom. All computers installed across the stations and the city transport network were hijacked and disabled, with all the screens displaying hackers’ messages to the public [79]. Initially, these attacks targeted the government transportation sector such as metro stations, but they have since broadened in scope to include not just government institutions but automotive companies as well such as Tesla, Honda, Nisan, and Toyota. Ransomware bribes were around $6.9 million in 2019 and $20 billion in 2020. These are predicted to surpass $50 billion by the year 2023 [80].

4.2. Private Data

EVs are equipped with multiple sensors that generate data. Even when not driving, EVs generate data related to the drive from vehicular sensors. Data are not only limited to driving data but also includes personal information such as a person’s voice calling, text messages, contact lists, email accounts, financial details, phone location, reminders, and even videos and photographs. EV manufacturers collect these data to design and train AI models to provide a better customer experience. These data are important for manufacturers as well as third parties to develop marketing strategies and for commercialization [81]. The data are worth millions and can be sold for revenue similar to how big-tech social media companies profit from personalized and location-based advertisements. In 2016, the worldwide consulting firm McKinsey estimated that global profits from vehicle-generated information could reach $75 billion by 2030 [82]. This financial benefit makes it an ideal target for hackers.

4.3. Third-Party Attacks

Third-party libraries are pre-existing software libraries or modules that are developed by external parties and made available for use by other developers. These libraries can be used to implement various features in EVs, such as navigation, communication, and sensory control. Companies may rely on these third-party libraries for a variety of reasons. Firstly, it may be more cost-effective and time-efficient to use a pre-existing library rather than developing the software from scratch. Secondly, third-party libraries may also offer specialized functionality or capabilities that a company may not have the resources or expertise to develop in-house. Many third-party libraries are freely available online, such as on open-source platforms such as GitHub.

However, there are potential risks associated with using third-party libraries. The library may contain vulnerabilities that can be exploited by hackers. For example, if a library has not been properly maintained or updated, it may contain known vulnerabilities that have not been patched [83]. In the past, a 19-year-old hacker, David Colombo from Germany, exploited a vulnerable application to break into Tesla cars. He could remotely unlock, track and access car features such as open windows, blink the flashlights, and even bypass keyless entry for starting the vehicle [84]. Another attack was performed on the Volkswagen (German vehicle manufacturer) infotainment system using third-party libraries to perform remote software updates. Researchers found the system vulnerable during a security assessment of the Volkswagen [85]. Researchers disclosed that vulnerabilities in the underlying software library had already been reported in the past, but surprisingly, the library was still integrated without proper verification and evaluation of the vehicle’s infotainment system.

4.4. Spam and Advertising

Spam refers to misleading information, falsified service, and unsolicited messages. Attackers advertise spam messages or fake products to many internet users and network-connected devices to spread malware and make users click on phishing websites for credential harvesting. Some EVs are connected to the Internet and have a touch screen for display, navigation, music, voice dialing, and other accessibility features. In the past, security researchers found vulnerabilities in a vehicle control system that uses Qualcomm chipsets [86]. The vulnerability was exploitable through a remote code execution attack using a mobile device. After successful exploitation, researchers could view media and remotely listen to conversations. In 2020, a researcher was able to hack and display custom messages, dialogues, and symbols on the EV display screen using the Arduino circuit board [87]. These display screens and infotainment systems are vulnerable to spam, phishing, and advertisements. An attacker can advertise fake charging stations, lower rates, and other misleading information to trick drivers.

4.5. Wireless Communication Attacks

Electric cars use a variety of different communication protocols such as cell technology, bluetooth, zigbee, and radio frequency for wireless connectivity. These protocols aid in-vehicle messaging between connected sensors as well as facilitate V2X communications. In 2021, German security researchers performed a ‘TBONE’ attack on Tesla, in which drones were used to enter the EV’s control system. The researchers gained access to the Tesla vehicle, which allowed them to unlock the car, open the charging port, and execute commands without touching the car [88]. This was achieved by taking advantage of the fact that all Tesla vehicles search and automatically connect to a WiFi network named Tesla Service, the credentials for which were openly leaked onto hacker forums. In the past, two laptops were stolen from an EV when thieves broke into the vehicle using a wireless signal-jamming device. Fortunately, no physical damage was incurred to the vehicle. In this scenario, these signal jammers were used to prevent the vehicle owner from engaging the locking mechanism [89].

4.6. Charging Infrastructure Attacks

Electric chargers are being installed everywhere, such as in parking spots, highways, shopping malls, and retail shopping centers in order to facilitate EV users. The charging infrastructure has become the most vulnerable place for hackers due to the lack of surveillance, ease of access, and a wide variety of exploitation options [90,91,92]. Multiple attack scenarios have been witnessed in the past. As of April 2022, a hacker hacked into UK Electric Vehicle Charging Points (EVCP), disabled onsite charging and started showing pornographic content on charging screens [93]. Similarly, Ukrainian charging stations were hacked, and the attacker published an inappropriate message against politicians [94]. The hack was carried out on Russia’s M11 motorway, which extends from Moscow to Saint Petersburg. This attack was launched by exploiting a remote code execution back door in the charging station software deployed by an equipment manufacturer ‘Rosseti Enterprise’.

4.7. Identity Theft and Authentications Attack

Identity theft in vehicles refers to unauthorized access to vehicles using the owner’s stolen identity, such as the use of their keyless entry cards or the owner account associated with the EV that is used to control vehicular features. This attack is gaining popularity in EVs. Some EVs come with keyless entry and use an NFC-based card to unlock vehicle doors. Attackers can take advantage of this feature. A researcher demonstrated the “NFC Relay Attack” on an electric vehicle that allowed him to bypass keyless entry [95]. To demonstrate this attack, two thieves work simultaneously. One of the thieves acquires the relay device in close proximity to the owner’s key card, while his accomplice positions the other part of the device to the vehicle to be stolen. There is also another variation of relay attacks that exploits a vulnerability in the bluetooth stack. A researcher was also successful in unlocking Tesla vehicles by exploiting this vulnerability in the bluetooth low energy (BLE) module available in Tesla [96]. In the past, an attacker retrofitted a gaming console and customized it in such a way that it was used as a signal transmission device: an alternative to a vehicle remote that unlocked a number of vehicles [97].

4.8. Battery and Energy Attacks

A vehicle’s rechargeable battery is an important component because it is used for powering electric motors and other electronic components. In the past, attackers have hacked electric cars to siphon the energy in their batteries for cryptomining, whereby the computational resources and energy of the vehicle are used to mine cryptocurrency and earn money. In the past, one Tesla owner mined Ethereum and Bitcoin in the Tesla Model 3 and made $800 [98]. Similarly, in June 2021, researchers experimented with cryptocurrency mining in their EV [99]. They claimed that mining running for 12 h earned a total of 0.0117 Ether and $30.39 and concluded that non-stop mining for a year would earn 4.275 Ether or $11,092 at the time of the experiment. Recently, some EVs manufacturing companies are also integrating these features into specific models: for example, an EV manufacturer named Daymak introduced a vehicle named Spiritus that mines crypto in its free time and facilitates drivers with crypto rewards that can be redeemed in local currency [100].

Researchers have also demonstrated how an attacker may cryptojack someone else’s EV resources to mine for cryptocurrency [9]. An attacker can even hijack an entire fleet of EVs simultaneously for cryptojacking. In 2018, an attacker hacked Tesla’s cloud servers to mine cryptocurrencies by planting a malware known as Stratum in Tesla’s web administration accounts [101]. In another scenario, researchers demonstrated the power jacking attack, which affects the connected power grid by exploiting software vulnerabilities in charging stations. This attack is also capable of disrupting the charging process, modifying firmware settings, changing billing, and even accessing PII [102].

4.9. CAN-Bus Attacks

The controller area network (CAN Bus) is a standard that allows microcontrollers and devices to communicate with each other without a host computer. The module is popular in in-vehicle networks and allows electronic control units (ECUs) to communicate with each other [103]. The CAN standard lacks provisions for encryption and authentication and is therefore vulnerable to security attacks. For instance, any unauthorized connected node is allowed to join and participate freely in the communication. The communication itself does not require specifying destination and source addresses, so every node can listen in to all messages as they are unencrypted [104]. An adversary can hijack and inject crafted instruction packets with high priority in CAN. Therefore, it is also vulnerable to eavesdropping, privacy invasion, data manipulation, and denial of service (DoS) attacks [105]. If the CAN or any of its connected components are compromised, various important vehicle functions that depend upon it can malfunction and even result in fatal accidents. In the past, a researcher demonstrated an attack using an Arduino device to inject CAN message to unlock doors, control navigation, and manipulate display messages [106].

4.10. Mobile Application Attacks

There are multiple EV applications available on mobile stores that assist EV drivers in finding available charging stations and make the charging process more convenient. Applications such as Charge-hub, Charge-point, Charge-way, EV-go, Charge Map, Open ChargeMap, Evmatch, ChargeFox, and Plug-Share provide information about nearby charging stations, allow the driver to reserve a spot and notify him in real time about the status of the charge. Some applications even allow for making payments for the charging fare. These applications contain users’ personal information such as associated financial accounts, location coordinates, messages, call logs, and PII [107,108]. Some of these applications are provided by EV manufacturers and large companies, but many are third-party applications which are built and distributed by independent developers [109]. Poorly developed applications contain security flaws, backdoors, and privacy loopholes [110]. In 2016, the Nissan connect app was hacked to gain control of the EV functions including the vehicle sensors, air conditioning, and heating [111]. On 21 July 2015, two security researchers successfully hacked a Jeep Cherokee using an app called UConnect. The two were able to take control of the vehicle remotely, locking the driver out from the vehicle’s controls and steering it toward a ditch [111].

4.11. Sensor-Based Attacks

Sensor-based attacks in EVs can be carried out by disrupting or manipulating the sensor data by physically tampering with the sensors or by exploiting their communication protocols [112]. A researcher demonstrated vulnerability exploitation for electromagnetic sensors and performed attacks on EV power converters to manipulate the vehicle voltage [113]. He proved that it is possible to control and manipulate the switching state for individual transistors in order to cause damage to the connected system. In the past, a researcher demonstrated a jamming device used to bypass a vehicle collision avoidance system and jam emergency braking to cause an accident. The attack was demonstrated on a Tesla model 3 [114]. Sensor-based attacks can cause unavailability of services, network disruption, message alteration, eavesdropping, and impersonation [112].

4.12. Removable Media Attacks

EVs are vulnerable to cyber attacks via removable media and USB devices, as these devices can be conveniently used to introduce malware (malicious code). Such EV malware can corrupt or delete the vehicle’s system configuration files, execute malicious code on the vehicle’s onboard computer, or gain access to the vehicle’s internal network. In the past, there were many cases in which cybercriminals used different social engineering techniques such as the USB key drop attack to drop flash drives into parking spaces, place them in corporate offices, and even send infected malicious USB drives to a targeted victim as a gift [115]. The same technique of an infected USB can be used to cause potentially serious disruption to EVs. In the past, an attacker used an Arduino-based removable device to bypass the Mercedes infotainment system and thereby retrieve, decode, and modify CAN messages [106]. Similarly, some EVs allow updates using a flash drive or detachable media which provides hackers an opportunity for installing malicious software during a software update if the flash is compromised [116].

5. Safeguards

This section provides details of safeguards that can be used to secure EVs and make them resilient against cyber attacks. Earlier, in Section 3, the first taxonomy (sensor-to-sustainability) was introduced in Figure 2 that mapped different EV sensor categories into the three goals of sustainability that they help to attain. Next, in Section 4, a second taxonomy (threats-to-sensors) was introduced in Figure 5 that visualizes different cyber threats that target EV sensors. Now, in this section, the third and last taxonomy (defenses-to-threats) is introduced in Figure 6 that maps different security controls and safeguards to potential cybersecurity threats.

Equation (4) provides details of the third taxonomy (defenses-to-threats) illustrated in Figure 6 where T is used for the set of security threats illustrated in Figure 4 and D is the set of defenses proposed to protect EVs. The graphic visualization of these security controls is illustrated in Figure 6, and a detailed explanation has been added in subsequent subsections.

$$D\Rightarrow T$$

(4)

$$\begin{array}{ccc}\hfill \mathit{D}& \hfill =\hfill & \{defense1,defense2,defense3,\dots \}\hfill \\ \hfill \mathit{T}& \hfill =\hfill & \{threat1,threat2,threat3,\dots \}\hfill \end{array}$$

5.1. Malware

Malware attacks can be defended with the appropriate use of an anomaly-based intrusion detection system (IDS) [117]. These IDSes work by recording the baseline traffic behavior of a vehicular network and then comparing the live network with the recorded baseline patterns to detect anomalies or different behavior in the network [118]. Malware spread can also be controlled by limiting the direct installation of multiple applications on vehicular networks. EV manufacturers may introduce a mechanism to incubate applications in a virtual space such as a sandbox or virtual machine. This will minimize the chances of malware installation, propagation, and system failure because every new application will be thoroughly tested against malicious behavior before its actual deployment on EVs [119]. In addition, a patch and vulnerability management system can be introduced to protect the EV infrastructure against malicious updates and vulnerable programs [120]. Finally, cybersecurity awareness and the training of EV users will enable them to detect and report suspicious malware behavior in a timely manner.

5.2. Private Data

Data security pertains to securing vehicular data and user PII generated by an EV [121]. Not all EV data require an equal amount of protection. EV data sensitivity may be first determined using data classification techniques [122]. There can be many potential classes, but based on research, one sample data classification has been visualized in Figure 7. Four categories have been depicted: secret, confidential, sensitive, and unclassified [123,124]. Similarly, more or fewer categories can be made on the basis of the availability of chosen artifacts.

Once classified, appropriate data protection techniques can be employed to secure EVs data which include: (1) data minimizing, (2) data masking, anonymization, and sanitization, (3) data tokenization, and (4) data encryption. Data minimization involves collecting only the data that is necessary for a given purpose. Data masking obscures or changes data elements to prevent the data from being misused. Data anonymization is the process of removing identifying information from data. Sanitization is the process of removing or altering sensitive data from data, and data tokenization is the process of replacing sensitive data with a token or unique identifier. Finally, data encryption involves encoding data in unreadable ciphertext to ensure it is secure. EV manufacturers may choose to selectively apply one or more of the above to secure a particular class of data based on its sensitivity level. For instance, secret data require more confidentiality and integrity than unclassified data. Therefore, encrypted data storage can be maintained during transmission between communication channels, modules, and sensors. In addition to the above techniques, access control may be employed. For instance, data-privileged access management can be implemented for secret data based on rule-based access. Finally, EV manufacturers can explicitly design security policies that contain rules for data sharing of information, statistics, marketing and advertising with third parties.

5.3. Third-Party Applications

Publicly available third-party applications and libraries may be tested and secured against existing vulnerabilities and security loopholes before integration. To securely integrate these third-party applications, pre-penetration testing and vulnerability assessment is recommended [125]. In addition, post-software quality assurance testing after successful integration can help to detect and remove compatibility issues or insecure communications before final production and use. Finally, software hardening may be performed against individual EV units and application modules to reduce the attack surface [126].

5.4. Spam and Advertising

Restricted and monitored third-party information disclosure helps in avoiding and defending against spam and targeted advertisements [127]. Most of the time, advertisements are customized based on user interests, age, gender, location coordinates, and search preferences. These data are collected and shared with third-party companies for profit or to analyze market trends [128]. Therefore, the installation of anti-spam and anti-tracking controls can prevent excessive exposure [129]. Similarly, machine-learning-based ad-blocking services can be pre-embedded by EV manufacturers to detect and block targeted advertisements in EVs and at charging stations [130].

5.5. Wireless Communication Attacks

To secure wireless communication against attacks, it is recommended to use strong wireless access controls that leverage advanced encryption standards for data transmission such as WAP2 and WAP3 [131]. In addition, EV manufacturers may abstain from the use of communication channels and protocols with hardcoded embedded credentials. Moreover, it is recommended to segregate EVs from connecting to untrusted devices and restricting auto-connect with open networks [132]. Moreover, encrypted communication may be used between inter-components and cross-vehicular components to avoid data intersection, message intrusion, and man-in-the-middle attack [133].

5.6. Charging Infrastructure Attacks

Electric vehicle charging stations are vulnerable to potential cyber threats and tempering [134]. Some EV chargers use a raspberry-Pi and insecure hardware that makes them vulnerable to potential cybersecurity threats [135]. Developing secure hardware standards that prevent access to the internal circuit board will aid in making EV chargers tamper-proof [136]. In addition, secure hardware boot can be used to authenticate system images and embed code to prevent unauthorized access or tampering [137]. Original equipment manufacturers are required to implement and use a combination of software-hardening techniques and temper-proof hardware [138]. Finally, EV charging stations may use AI-based intrusion detection systems (IDS) to detect and report malicious intents [139].

5.7. Identity Theft and Authentications Attack

In the past, the keyless entry has been compromised using a variety of attacks, such as jamming attacks in which a jamming device interrupts the communication between the key card and the vehicle to prevent it from locking. Similarly, NFC relay attacks have been used to steal vehicles [95]; hence, it is important to identify and defend against such attacks.

There can be several ways to identify unauthorized access to EVs using keyless entry cards, such as two-factor authentication using a smartphone or default vehicle application. The vehicle can be configured to send a notification to the registered owner’s mobile every time the vehicle is unlocked or started using the key card. Similarly, the default vehicle application can create an alert. This way, the owner will be notified if someone else is using their key card to access the vehicle. Additionally, some vehicle applications allow remote locking and unlocking; thus, owners can disable the vehicle through the smartphone app if they suspect it is being stolen.

Similarly, the vehicle can be configured to require a unique access code to be entered before the vehicle can be started. Entering the wrong code multiple times will alert the owner about suspicious activity and lock the car. Another way to identify such attacks can be to build a driver profile based on facial features extracted through a dashboard-mounted camera and the driving habits analyzed over time. In such cases, if unauthorized access takes place, the driver will recognize it, and it can be trained to honk and send alerts to the owner.

Another important thing is to provide basic training to the users about how to safely store key cards, such as on the use of a faraday key fob protector that blocks radio frequency emissions and protects the keyless card entry of vehicles [140]. In addition, two-factor authentication (2FA) may be used to provide an additional layer of security [141]. 2FA will enable the proper usage of two or more factors to grant access to the vehicle, such as something you have (e.g., a key or keyless card), something you know (e.g., a security code/password), and something you are (e.g., face detection/fingerprint scanner) [142].

5.8. Battery and Energy Attacks

With the growing adoption of EVs, many people are misusing EV resources in order to generate passive income, such as the use of crypto mining by installing multiple GPUs with EV batteries. Similarly, there are numerous unnecessary applications and battery attacks that drain batteries and reduce EV performance [120,143]. To defend against these kinds of attacks, it is recommended to detect and remove potentially harmful applications (PHA) and monitor the impact of other system applications that—while they are meant to facilitate users—end up consuming too much battery [144]. In addition, a code signing certificate can be used to sign and verify access and apps that users may install [145]. Malicious software performs a battery exhaustion attack in which multiple malicious service requests are made to engage the maximum possible system resources and drain the battery. They may be monitored through drain detection or early warning systems [146].

5.9. CAN-Bus Attacks

Most sensors and controllers are connected directly to the CAN Bus so that they can communicate with any other EV device even though functionality-wise, they require connectivity to only a few selected devices. Some of these newly developed sensors are not thoroughly tested or quality ensured and have security vulnerabilities that lead to unauthorized access to the CAN network. Compromise of the CAN interconnection can lead to the misuse of multiple EV functionalities [147]. It is recommended to perform network segregation through the firewall to reduce CAN Bus attacks [103]. In addition, EV manufacturers can implement CAN Guard, which is a mechanism that detects anomalies, prevents malicious actors and blocks communication attacks. Similarly, CAN-IDS can detect and block malicious data, traffic, and message transmissions through the CAN network and identify compromised nodes existing in the network [148].

5.10. EV Mobile Applications Attacks

It is important to maintain EV application security standards by implementing secure coding practices and performing security assessments during the production phase [149]. A thorough auditing and evaluation can help identify security vulnerabilities, which can be patched before making applications available to mobile app stores. Similarly, publicly available third-party mobile applications have software bugs and should not be trusted to connect directly with EVs without proper research [150]. An application usage policy can be developed by EV manufacturers that outlines terms and conditions for directly connecting mobile application with EVs. Particularly for the infotainment system, the safest approach is for EV manufacturers to provide a hardened application themselves that provides also necessary functionality. The application may ensure minimal user data disclosure, encrypts all communication and addresses data leak prevention [151,152]. This will discourage the use of third-party untrusted applications that are freely available.

5.11. Sensor-Based Attacks

The EV sensors themselves may be secured against vulnerabilities, cyber-attacks, tempering, breakage, and damage in a number of ways. Firstly, it is recommended to make temper-protected hardware for sensors integrated inside and outside the vehicles [153]. Secondly, EV manufacturers may remove the possibility of integrating fake sensors, which auto repairers sometimes do in the market with the aim of data spoofing into embedded circuits associated with EVs or charging stations or to spoof sensory data. Implementing the cross-controller authentication of sensors and EV circuits [154] would protect against spoofing. In addition, there should be a majority sensor voting mechanism in case there exist redundant sensors to ensure data integrity [155].

5.12. Removable Media Attacks

Flash drives and USBs are the easiest way for malware propagation and device tempering [156]. Therefore, EV manufacturers may introduce a policy that provides users awareness discouraging the connection of unauthorized devices. A policy on the use of official USB drives obtained from the vehicle dealership with embedded patches would also help here. In addition, users should be aware about the dangers of inserting third-party, unknown, and infected USB drives to their vehicles [157]. Finally, there should be a zero-trust policy against detachable media. Every device should be scanned adequately against malicious software, and EVs may block auto-run executables as policy. [158,159].

6. Discussion and Open Issues

EVs offer numerous benefits and are considered a more sustainable and a viable alternative to traditional gasoline-powered vehicles. Aside from the security and privacy issues discussed above, there are still some other challenges associated with EVs that need to be addressed prior to widespread adoption. One of the main issues is the ready availability of charging infrastructure. Although the number of charging stations is increasing, there is still a lack of access in many places, particularly in rural and remote areas. Many a time, EV owners will have to travel long distances to find a charge point.

Another challenge for EVs is the cost. Although the upfront costs of EVs have decreased significantly in recent years, they still tend to be more expensive than traditional gasoline-powered vehicles. This cost barrier makes EVs less accessible to those with lower incomes.

Improving battery technology is another important challenge that needs to be addressed. Batteries are the most expensive part of EVs, and the current technology is limited in terms of range and longevity. Developing better batteries that are more efficient, have longer lifespans, and support long-range drives could drastically improve the consumer appeal of EVs.

In recent years, there have been numerous developments in the automotive industry, and new technological solutions are introduced to provide ease in driving and navigation. One such example is Comma.ai, which is a company that specializes in developing software and hardware that enables existing vehicles to become autonomous. Comma.ai uses specially designed sensors and hardware modules that are integrated into vehicles in order to obtain input about surroundings and take appropriate actions. The inputs are further classified using advanced AI and machine learning/deep learning models such as convolutional neural networks (CNN) and recurrent neural networks (RNN) for sensor data processing, image classification, object detection, semantic segmentation, and motion prediction [160]. In terms of sensor fusion, they use Kalman filters and extended Kalman filters (EKF) to combine and process data from various sensors such as cameras, radars, lidars, and microcontrollers. The specially designed hardware uses cameras such as the Sony IMX camera module, LIDARs such as Velodyne VLP-16, microcontrollers such as the Nvidia Jetson Xavier for processing power, and in terms of ICs, it uses processors such as Qualcomm Snapdragon, which is responsible for running the deep learning models and sensor fusion algorithms. The growing use of similar devices can make someone more vulnerable to cyber threats; therefore, it is important to audit and evaluate these kinds of devices.

The use of third-party mobile applications is increasing for electric vehicles as they provide a convenient way for users to access and control various features of their vehicles, such as charging status, battery level, and remote start. However, these applications also introduce new cybersecurity challenges and potential privacy leaks.

One such challenge is the vulnerabilities in the permission model in the Android operating system. Android apps often request access to various device features and data, such as location, camera, and microphone, contacts. Some of these permissions are categorized as highly sensitive and critical; however, some apps may request access to sensitive data or features that are not necessary for the app to function properly. This can lead to privacy leaks, as the app can collect and transmit personal information without the user’s knowledge or consent.

Another cybersecurity challenge that arises from the use of third-party mobile apps for electric vehicles is the risk of malware. Malicious apps can be disguised as legitimate apps and can be used to gain unauthorized access to the vehicle’s systems or steal personal information. For instance, EV-go is a charging application that utilizes multiple permissions including location, storage, and camera. On analyzing, we found that the application contains high-risk vulnerabilities that if exploited can lead to the disclosure of user’s personal data.

In order to ensure that EVs can become a truly sustainable option, it is essential that governments, industry, and the public work together to address these challenges. Governments can provide incentives for purchasing EVs and installing charging stations, while the industry can focus on developing more efficient and affordable models. Finally, the public can help by advocating EV adoption, educating others on the benefits of EVs, and committing to more sustainable lifestyle choices.

7. Conclusions

EVs have the potential to reduce emissions and air pollution, reduce reliance on fossil fuels, and help secure a more sustainable future for the transportation industry. With continued research, development, and infrastructure investments, EVs could become the primary form of transportation. The most important research challenges in EVs are enhancing EVs’ safety and privacy, developing secure charging infrastructure, improving the energy efficiency of batteries, increasing the range of vehicles, and reducing EVs’ costs.

The article can be used as a baseline to understand and address future EV challenges. Multi-disciplinary researchers can use this research to develop a compatibility suite of security controls for EVs’ sustainability features. We hope that the provided suggestions and future research direction facilitate industry professionals, academic institutions, cyber analysts, and automotive manufacturers to address these current challenges to make a smooth transition toward smart cities and a sustainable future.