Co-Founder of The OSINT Group and star of TV’s Hunted Ben Owen shares recent incidents, real-world exploits and insights into the systemic vulnerabilities affecting electric vehicle (EV) infrastructure.
A few years ago, I had the pleasure of speaking at one of Alec Peachey’s Transport + Energy events in the Midlands. Since then, Alec and I have continued our conversations around the role of cyber security in this ever-evolving sector. I’ve always admired Alec’s passion and depth of knowledge, which has encouraged me to keep a close eye on how cyber security intersects with transport and energy.
At the time of working with Alec, I’ll be honest, I didn’t know as much as I do now about the complexities and risks involved. But that curiosity stuck with me. And now, with more data, real-world examples, and a deeper understanding of the threat landscape, I feel it’s the right moment to share a few thoughts on the growing cyber risks facing this critical part of our infrastructure.
So, here goes.
As the world accelerates toward a greener transport future, new digital gateways, including electric vehicles, public chargers, mobile apps and backend networks, face unprecedented cyber risks. In this article, The OSINT Group shares recent incidents, real-world exploits and insights into the systemic vulnerabilities affecting EV infrastructure. From “harmless” hacks that flashed pornography on public charger screens, to researchers accessing charger firmware in real time, and industrial-grade exploits capable of tripping entire power grids, this is the landscape we need to scrutinise. We see all too often with digital advances, that companies and governments often overlook security as a priority in replacement of ‘good news’ stories and being able to publicise their advancements in greener improvements faster.
While electric vehicles are often praised for their environmental benefits and reduced maintenance costs, their increasing dependence on software, connectivity and cloud integration introduces an entirely new threat surface. In the last few years alone, several critical vulnerabilities have been exposed across charging stations, vehicle APIs, mobile applications and home charger units. These are not theoretical risks. They are active, real-world attack surfaces being exploited, ignored or quietly patched after researchers raise concerns.
In 2022, chargers across Russia’s main motorways were hacked to display anti-government messages, while in the UK, devices on the Isle of Wight were manipulated to show explicit adult content. These incidents, although sometimes dismissed as digital graffiti, reveal a deeper concern: many public EV chargers are operating on insecure firmware, with default credentials or unpatched vulnerabilities that could be used to extract data, disable units or launch coordinated disruptions.
In January 2023, security researchers demonstrated how several public charging stations running Windows-based systems were accessible through remote desktop tools like TeamViewer, which had been poorly secured or left exposed. In theory, a malicious actor could access payment terminals, shut down chargers or manipulate the interface to intercept personal and financial data. This is particularly concerning when you consider the scale of electrification in metropolitan areas, where a single compromised network could impact thousands of users.
Most recently, in May 2025, cyber security firm SEC Consult disclosed 19 critical flaws in two widely-used charging station models. These included hard-coded administrative credentials, unauthenticated remote access and insecure communication protocols. Despite the severity of the findings, some of the vendors involved had not issued patches more than five months later. For an industry that prides itself on innovation, this lack of urgency in addressing cyber vulnerabilities is troubling.
The risks do not end at the charging unit. Mobile apps used to locate stations, pay for charging sessions and remotely control vehicle functions have also come under scrutiny. In April 2025, a vulnerability in an electric vehicle model’s app allowed anyone with a vehicle’s VIN number to trigger remote commands, such as activating climate control or accessing trip data. Similarly, backend weaknesses in apps by other major manufacturers have exposed driver locations and behavioural data, raising concerns around surveillance and stalking.
There is also growing anxiety about how electric vehicle infrastructure might be manipulated at scale to disrupt power distribution. Researchers have shown how a coordinated cyber attack could simultaneously activate or disable thousands of chargers, creating unpredictable demand spikes that may overload the grid. Demonstrations such as the ‘Brokenwire’ experiment, where low-power radio signals were used to abort charging sessions remotely, highlight how physical disruption can be achieved with minimal equipment and technical knowledge.
During the Pwn2Own Automotive competition in early 2025, white-hat hackers successfully exploited multiple EV chargers. These exploits bypassed firmware security and allowed direct manipulation of charger functions. While these events are coordinated to encourage responsible disclosure, they illustrate how vulnerable these systems remain, even in the most premium consumer products.
What makes this sector particularly at risk is the pace of adoption outpacing the development of regulation. In the UK, EU and US, governments are only now beginning to introduce minimum cyber security standards for connected infrastructure. While some vendors have responded with enhanced monitoring software and tamper-resistant hardware, many smaller manufacturers continue to operate with minimal security oversight.
As we move into an era where electric transport is no longer niche, but mainstream, the digital integrity of the systems that support it must be treated as a critical priority. The risks go far beyond inconvenience. Compromised charging networks could facilitate identity theft, financial fraud, physical disruption, or even serve as an entry point into wider energy or transport systems.
At The OSINT Group, we continue to monitor these trends closely, providing intelligence-led assessments to help organisations and individuals understand the real-world implications of cyber-attacks on green infrastructure. For those investing in electric fleets or operating EV charging networks, the message is clear: cyber security must be built in, not bolted on.
Ben Owen – The OSINT Group.
Find out more about The OSINT Group here.
