EVSE Cybersecurity: Threat Landscape and the Road Ahead

Electric vehicle charging is now part of critical infrastructure. Securing it protects drivers, supports the grid, and keeps public spaces safe. A new in-depth report, EVSE Cybersecurity: Threat Landscape and the Road Ahead, maps today’s attack surface and explains what it takes to build stronger charging networks.

The report combines hands-on research, protocol and firmware analysis, and threat intelligence from the clear, deep, and dark web. It also highlights results from Pwn2Own Automotive, where researchers demonstrated 50+ zero-day vulnerabilities, underscoring why compliance alone is not enough. The conclusion is clear: organizations should adopt defense-in-depth across the EVSE stack, including secure firmware, authenticated communications, update integrity, and continuous monitoring.

Readers will find practical context on common weaknesses and mitigations, including buffer overflows and improper input validation, and measures such as address space layout randomization, stack canaries, and strict input handling. Appendices summarize ZDI advisories linked to Pwn2Own Automotive along with associated CWE classifications to support engineering and risk triage.

Read the full report here:

To explore EVSE cybersecurity testing at ACM, including a free firmware vulnerability scan for eligible companies, visit our EVSE Cybersecurity page.

About this publication:
Developed by VicOne in collaboration with the American Center for Mobility (ACM).
Author: William Dalton, VP and Managing Director, VicOne
Foreword: Reuben Sarkar, President and CEO, ACM