Skip to main content

Vandalism and Security Threats at Electric Vehicle Charging Stations

|articles

20 min

Vandalism and Security Threats at Electric Vehicle Charging Stations

Whether it’s during everyday shopping or at a highway rest stop, electric charging stations are now a common sight in cities. But what if they suddenly stop working?

In 2025 alone, a total of 856,589 new electric vehicles were registered in Germany (Source: Federal Motor Transport Authority). As electric mobility grows rapidly, so does the importance of a comprehensive and reliable charging infrastructure. According to the Federal Network Agency, 141,659 standard charging points and 46,681 fast-charging points were in operation as of December 1, 2025. For charging point operators (CPOs), this development presents a twofold challenge: on the one hand, they must meet rising demand and operate their charging networks economically; on the other hand, they must also ensure their security. This is because the increasing presence of electric charging stations in public spaces does not only bring advantages. It also leads to new risks regarding the protection of this critical infrastructure. The growing connectivity and digitization of charging stations make them vulnerable to various types of attacks.

In the spring and summer of 2024, more than 40 thefts of permanently installed CCS charging cables at fast-charging stations were reported in the Leipzig region alone. Among those affected were Tesla Superchargers as well as charging parks operated by Allego, EWE Go, and Pfalzwerke. Two perpetrator profiles can be distinguished in these incidents. Perpetrator Profile 1 suggests a financial motive: The cables are deliberately cut to resell the copper they contain. The estimated proceeds amount to around €50 per cable, while the cost to operators for each replacement can reach up to €7,000 (source: electrive). Perpetrator Profile 2, on the other hand, points to sabotage. In these cases, cables or connectors are damaged to the point of being unusable. The sole aim here is to deliberately shut down the charging infrastructure.

These incidents illustrate that theft and sabotage not only pose economic and operational risks to operators but also significantly undermine user trust. To prevent operational disruptions, high follow-up costs, and a lasting loss of trust, operators and manufacturers alike must implement effective protective measures for their systems.

What specific security threats are associated with electric vehicle charging stations?

Public charging stations, wall boxes, and other electric charging devices are not only frequently targeted by vandalism, but also by cyberattacks and other criminal activities. These threats can be broadly divided into four different categories:

  • Vandalism: Physical damage to charging stations remains a common problem. Cables containing valuable metals such as copper are deliberately stolen or damaged, leading to outages and high repair costs. This vandalism is facilitated by inadequate security measures and the anonymity of public spaces.

  • Cyber-physical attacks: Charging stations are increasingly connected, making them vulnerable to digital attacks. Attackers can steal data (e.g., credit card information), manipulate charging stations (to destabilize the grid or hack cars), or otherwise misuse access to the charging systems.

  • Cyberattacks: Distributed Denial of Service (DDoS) attacks, API abuse, and Man-in-the-Middle (MITM) attacks are among the common methods targeting e-charging infrastructure. Attacks on customer data, such as account takeovers, also pose a major threat.

  • Manipulation of software and hardware: Since many EV charging stations are connected to smart systems, they offer attackers opportunities to manipulate the software. Hackers could exploit security vulnerabilities in the systems to disable charging stations or gain unauthorized access to payment functions.

How can electric vehicle charging stations be protected (retroactively) against threats?

The attacks described make it clear that operators must be prepared not only for traditional forms of vandalism, but also for targeted acts of sabotage and digital attacks. Accordingly, comprehensive security strategies are needed that address both physical and cyber-physical threats.

 

Physical protective measures based on the 4D principle

A proven approach comes from traditional perimeter security. Here, protective measures are divided into four categories—the so-called 4Ds:

  • Deter: Discourage potential intruders or attackers from even attempting to breach security.

  • Detect: Identify that an intrusion, attack, or security breach has occurred in order to respond in a timely manner.

  • Delay: Extend the amount of time it takes for an intruder or attacker to penetrate critical areas or access an organization’s key assets.

  • Deny: Block physical access to specific locations or assets.

Appropriate physical security measures for electric vehicle charging stations include:

  • Deter: Visible surveillance cameras (or decoys), motion detectors, and warning signs can deter potential offenders. Alarm systems that immediately trigger audio-visual alerts in the event of tampering or damage and send notifications to operators and authorities help to quickly detect and prevent damage.

  • Detect: Modern sensors can detect intruders and contribute to effective law enforcement.

  • Delay: To prevent cable theft and physical damage, charging stations can be equipped with reinforced housings. The cables can also be protected by special sheaths made of cut-resistant material.

  • Deny: Under certain conditions, physical access to the charging station perimeter can be denied, for example, during specific hours. However, “Deny” is not applicable to most IoT devices, as interaction with the devices is a prerequisite for the use case.

Beyond Physical Security: Cyber-Physical Attacks

In addition to theft and vandalism, attacks on the charging infrastructure’s IT and OT systems are becoming increasingly common. These range from DDoS attacks and API abuse to the manipulation of software or hardware.

This is where traditional perimeter security measures reach their limits. A forward-looking approach is therefore based on established tamper-detection standards that were developed specifically for the cyber-physical security of electronic devices. These standards can be divided into four levels:

  1. Tamper Resistance: Tampering is made more difficult through structural and technical measures.

  2. Tamper Evidence: Attempts at tampering must be visible or detectable.

  3. Tamper Detection: Attacks are detected, and operators are immediately notified.

  4. Tamper Responsiveness: Automated countermeasures are triggered as soon as tampering occurs.

PHYSEC's holistic solution

Our solution combines physical security, cybersecurity, and operational monitoring into a comprehensive security concept for electric vehicle charging stations. By intelligently integrating various technologies, we create a platform that detects both cyber and physical tampering while also optimizing operational performance, taking into account all security-related aspects.

A key component is PHYSEC SEAL, our tamper-proof condition monitoring solution. It detects irregularities at a charging station in real time. In addition to monitoring digital logs (e.g., Modbus TCP registers or other log sources), it can also reliably detect even minor physical tampering with the electronics or the surrounding area, such as unauthorized access to interfaces. With SEAL, we offer a technology that reliably detects and reports in real time any attempts to tamper with cables, enclosures, and systems. By integrating into existing charging infrastructure, SEAL provides operators with immediate transparency regarding security-related events. The collected information flows directly into the IoTree platform, where it is centrally analyzed and visualized. Thanks to integrated sensor technology, security-related conditions can be comprehensively monitored. For example, CPOs can detect whether a charging station is blocked by an unauthorized vehicle, whether critical components have been tampered with, or whether environmental parameters deviate from defined normal operating conditions.

The use of a digital twin, which continuously maps both the physical environment and the status of the control unit, provides significant added value. This creates a comprehensive overview that can be used for both safety verification and predictive maintenance. All data is consistently encrypted end-to-end and securely transmitted over long distances from remote locations. This enables location-independent monitoring, even for charging points in remote areas. This customized solution ensures that electric vehicle charging stations are monitored both securely and efficiently, which optimizes operations and minimizes the effort required for maintenance.

Regulatory Requirements for Electric Vehicle Charging Stations

Because electric vehicle charging stations lie at the intersection of the energy sector and the transportation sector, they are often considered critical infrastructure under the KRITIS Regulation and the European NIS 2 Directive. Accordingly, they are subject to a wide range of legal and regulatory requirements designed to ensure both safe operation and IT security.

  • Charging Station Ordinance (LSV): Sets technical standards, plug compatibility, billing, and access without a contract. Operators must ensure at all times that the requirements continue to be met, even after updates.

  • NIS 2 Directive (EU 2022/2555): Requires the implementation of an information security management system (ISMS), regular risk analyses, and reporting obligations in the event of security incidents. The goal is to strengthen cybersecurity within critical infrastructure.

  • IT Security Act 2.0 & BSI Critical Infrastructure Regulation: Companies classified as particularly relevant must comply with security standards in accordance with BSI guidelines. The BSI may order audits and corrective measures.

  • Data Protection & GDPR: Since charging stations process personal data (e.g., for user identification), the comprehensive provisions of the General Data Protection Regulation apply. CPOs must implement data protection by design and by default.

  • Cyber Resilience Act (CRA): An EU regulation mandating cybersecurity for products with digital elements. Manufacturers of charging stations and their software must incorporate security requirements early in the development process, provide security updates, and establish vulnerability management.

  • Critical Entities Resilience Directive (CER): Complements NIS-2 by establishing uniform enforcement and supervisory mechanisms within the EU. Operators of electric vehicle charging stations may face sanctions and fines for noncompliance. The goal of the CER Directive is to improve the resilience of critical entities and protect physical infrastructure.

Operators must ensure both availability and cost-effectiveness while also complying with regulatory requirements such as NIS-2 or CER. Traditional perimeter security is no longer sufficient here. What is needed are holistic security solutions that reliably detect physical tampering as well as digital attacks, while simultaneously supporting day-to-day operations. PHYSEC SEAL is a technology that enables charging infrastructure operators to protect their assets sustainably, build trust among users, and efficiently meet compliance requirements—whether by retrofitting existing systems or through direct integration at the OEM level.

 

Ensure your charging infrastructure is compliant and schedule a personalized consultation!

 

Security of EV Charging Stations with PHYSEC SEAL

SEAL can be retrofitted to existing charging stations without major structural modifications. The relevant information is simply retrieved from the control unit via ModBus TCP. The gateway can be mounted on a DIN rail inside the charging station, while the ATR is attached to the housing wall—in each case, taking thermal conditions and safety standards into account. In addition, sensors such as parking sensors, motion detectors, or GPS trackers can be integrated, and actuators such as sirens or additional lighting can be controlled via the SEAL gateway.

 

A 12–24V power supply or a 230V Schuko outlet is sufficient for operation. The system communicates with the control center via an NB-IoT wireless connection secured in accordance with BSI standards. LoRaWAN sensors are battery-powered but require an existing LoRaWAN infrastructure. Additional devices, such as lights or sirens, can also be controlled via the SEAL gateway.

 

The sensor system detects a wide range of tampering attempts, including cutting with bolt cutters, forced entry, thermal attacks (heat/cold), and sabotage of sensors such as motion detectors or GPS trackers. Through the connection to the PLC (programmable logic controller), the system also detects cable theft, the opening of door contacts, crash scenarios caused by collisions or impacts, and tampering with the system itself.

 

Yes. The system is capable of detecting even advanced attack methods such as needle probing and side-channel attacks. These are among the most sophisticated techniques used by professional attackers.

 

Operators are notified of attacks in real time. Notifications can be sent via email or SMS, and API integrations with existing systems—such as MQTT-based systems—are available. Integration with SCADA systems is also planned.

 

Yes. In collaboration with the operator, an escalation process is developed to forward reports to on-call services or security companies. In addition, intervention measures, such as deactivating a charging station or activating video surveillance, can be triggered automatically.

 

SEAL demonstrably supports operators in implementing key requirements, such as end-to-end encryption, tamper and event detection, monitoring and reporting, as well as API interfaces for SOC/SIEM. Full compliance is achieved in conjunction with operator processes, such as an ISMS in accordance with NIS-2, reporting processes under Article 23 of NIS-2, or evidence in accordance with IT-SiG 2.0 and AFIR.

 

Back