Your electric car runs on data but how safe is it from cyberattacks?

Modern EVs are like computers on a wheel, collecting detailed personal data from your routes to your playlists which has raised urgent questions about privacy and cybersecurity

Hackers are increasingly zeroing in on Malaysia’s fast-growing automotive sector, raising fresh concerns about cybersecurity gaps in the country’s electric vehicle (EV) ecosystem. A new report by Singapore-based Ensign Infosecurity warns that modern EVs, filled with advanced software and internet-connected systems, are becoming high-value targets for cybercriminals seeking to intercept sensitive data through everyday interfaces like smartphone pairing and infotainment consoles, reported the South China Morning Post (SCMP).

 

Since 2018, a significant amount of EV investment has been made in Malaysia (over 26 billion ringgit, [about $6.15 billion] from brands including Tesla, Mercedes-Benz, and Porsche). As these vehicles originate from a manufacturing plant and continue to have complex digital services (the interconnected digital ecosystem that enhances the functionality of the vehicle) and as the data and the systems that support these digital services continue to become more complex, the possibility of having that data stolen, or that the systems supporting those vehicles being compromised is becoming increasingly problematic.

 

The current environment in the Asia-Pacific region also adds to the dangers from hackers, as there are sophisticated networks of organised crime that are often working alongside these hackers or in complicity from a state actor perspective.

 

In a major attack in December 2024, a leak at Volkswagen through its software unit, Cariad, compromised sensitive data of nearly 800,000 electric vehicle users, including their usage histories, email addresses, and customer ID numbers.

 

 The data was stored on Amazon’s cloud servers but was left unsecured for over two years.

 

This incident shocked the global auto industry. It highlighted how modern EVs—often praised for their technology—can also become easy targets for cybercriminals.

 

And Volkswagen is not alone.

 

Earlier, researchers discovered that hackers could remotely access certain features of the Nissan Leaf through a simple trick: entering its vehicle ID (VIN) into a mobile app’s URL. In another case, a group of ethical hackers at a security conference in the US last year managed to break into EV chargers and disrupt their normal functioning.

 

Why are EVs more exposed to cyber risks? 

Electric vehicles aren’t just about batteries and motors but more like rolling computers. Most EVs are packed with sensors, GPS, internet connections, entertainment systems, and even smartphone pairing features. All of this generates a massive amount of personal data, from where you drive and when you charge your vehicle, to who your contacts are and what songs you play.

 

This data is usually stored in two places: inside the vehicle’s computer system and on cloud servers managed by the carmaker or charging network companies.

 

If these storage points aren’t well protected, hackers can find their way in.

 

How are EV chargers also part of the problem? 

It’s not just the car that’s at risk. The charging infrastructure, public charging stations and wall units at home, can also be a backdoor for hackers.

 

In some cases, researchers have shown that charging stations can be hijacked. For example, criminals can trick users with fake QR codes at charging points to steal money or personal data. According to a report by Israeli cybersecurity firm Upstream in February this year, hackers can also disrupt power flow and cause the charger to malfunction. They can even send remote commands to stop charging or tamper with the system.

 

Since most EV chargers are connected to the internet, weak security settings can allow hackers to interfere from anywhere in the world.

 

Have these hacks caused any real damage so far? 

Most of the known EV-related hacks have been carried out by security researchers, not criminals. These “white hat hackers” find flaws in systems and report them to companies so that they can fix the issues before someone malicious takes advantage.

 

However, the Volkswagen leak was real and it involved personal data being publicly exposed online.

 

Some governments and companies are also worried about foreign-made EVs being used to collect sensitive information. In the UK, defence staff have reportedly been advised not to pair their phones with certain EVs due to privacy concerns.

 

So while full-scale attacks haven’t yet happened, the threats are no longer theoretical.

 

How have carmakers responded? 

Most big carmakers are now taking cybersecurity more seriously. Just like your smartphone, EVs now receive frequent software patches to fix bugs and improve security. Companies like Tesla and others invite ethical hackers to test their systems, and reward them if they find a weakness. Additionally, carmakers are upgrading their apps to ensure users need proper verification before accessing vehicle controls.

 

Charging companies are also adopting newer, more secure communication protocols to prevent remote tampering of EV chargers.

 

What are governments doing about it? 

Some governments are beginning to set rules for vehicle cybersecurity. The United Nations has introduced a regulation that requires new cars to follow basic cybersecurity standards. This came into effect in parts of Europe, Japan, and South Korea in 2022.

 

India is yet to implement strict rules specifically for EV cybersecurity, but awareness is growing.

 

Is this a reason to avoid buying an EV? 

EVs are still much safer than many traditional cars in terms of driving and mechanical performance. But like any connected device including smartphones, laptops, or even smart TVs, they need cybersecurity awareness.

 

As EVs become mainstream, protecting user data and securing charging infrastructure will be just as important as range and battery life.