How to address the increasing threat of cyberattacks on EV charging stations
As electric vehicle adoption accelerates globally, a new frontier has emerged for cybercriminal activity: EV charging infrastructure. Charging stations are increasingly being targeted by various forms of cyberattacks, posing significant risks to both operators and users.
According to Upstream's Automotive & Smart Mobility Global Cybersecurity Report 2025, the year 2024 saw a sharp increase in cyber incidents, with electric vehicles being particularly vulnerable during active charging sessions.
Main security threats during charging
“Quishing” – QR code fraud
One of the most common and effective attack methods involves the placement of fraudulent QR codes on public charging stations. When scanned, these fake codes redirect users to counterfeit payment portals, leading to the theft of payment credentials. This method, known as “quishing” - a blend of “QR” and “phishing” - isn’t new, having already been used on devices like parking meters. However, it remains highly effective. EV drivers often realise something is wrong only when they notice their vehicle isn’t charging.
Cyberattacks targeting charging network operators
Cybercriminal groups are not limiting their attacks to individual stations; charging network operators themselves are also under threat. In an incident in November 2024, a hacker allegedly leaked 116,000 records containing sensitive information obtained from multiple charging providers through vulnerabilities in charging station systems. While some leaked data, such as charger locations or charging events, may not be inherently sensitive, personal information like email addresses and banking details can be easily exploited.
Malicious reprogramming of chargers
Charging stations are susceptible not only to physical vandalism but also to software manipulation. Hackers can reprogram chargers to collect and misuse sensitive user data. Infected chargers may serve as entry points for broader attacks on the entire network, or generating false demand to overload systems. This is why connecting charge points to any system should be done with proper mitigation methods in place.
How do we approach cybersecurity at Virta?
At Virta, our customer’s security is a top priority. That’s why we’ve established a dedicated information security management system (ISMS), overseen by a dedicated team. Our security framework is built on a continuous process that includes active risk management. Each identified risk is assigned an owner and addressed with appropriate measures.
Recognised international certifications
To ensure the highest standard of security, Virta has obtained several globally recognised certifications. We are ISO 27001 certified, which confirms our commitment to implementing stringent controls for protecting customer data. Additionally, we hold SOC 2 certification for security and availability, an auditing standard developed by the American Institute of Certified Public Accountants (AICPA).
Secure software development
Our back-end system is developed according to robust internal security standards. For application development, we follow the best industry standard, and we provide secure development training for our developers. Every system change undergoes rigorous review and testing in a staging environment before going live.
Virta routinely performs vulnerability scans, security audits, and penetration tests. Any issues identified are analysed, with patches and countermeasures deployed quickly.
Data protection and secure communication protocols
We use secure communication protocols throughout our data chain. To mitigate QR code fraud, we’ve introduced digital QR codes displayed directly on charger screens. Equipment security is continuously updated by both manufacturers and Virta, incorporating updates in OCPP (Open Charge Point Protocol) and regulatory standards.
All customer and user data is stored exclusively within the European Union or on the European continent, hosted on Amazon AWS Cloud. Access is strictly limited to designated personnel and is granted based on professional necessity, with permissions reviewed annually. Virta collects only the personally identifiable information required to provide services and retains it only for as long as needed.
Modern infrastructure and secure payments
Our systems are built to avoid reliance on a single data center which makes them more operationally resilient. An automated deployment pipeline ensures the production environment is consistently up-to-date with the latest security patches, while continuous vulnerability scans monitor for any deviations.
In terms of payment security, Virta has implemented strict safeguards to protect sensitive financial data. All credit and debit card information is processed and stored by our PCI-DSS (Payment Card Industry Data Security Standard) certified partner, ensuring top-tier protection for user transactions.
Comprehensive incident management process
We have established protocols for notifying relevant authorities, clearly communicate with stakeholders and ensure thorough incident documentation in case of any critical incidents. With our incident response program, we’re able to understand and resolve security incidents while maintaining proper communication procedures both internally and externally.
As cyberattacks grow in frequency and sophistication, the risks to EV charging stations range from data theft to far more severe consequences like disruptions to electrical infrastructure. In response, Virta has adopted a comprehensive, proactive security approach grounded in international standards, secure technologies, modern infrastructure, and regular testing protocols.
New content alerts
You may also like
These related stories
/electric-snowmobile-ac-charging-station-outside-cabin.webp?width=1920&height=1080&name=electric-snowmobile-ac-charging-station-outside-cabin.webp)
Experience Pyhä: The world’s first charging network for e-snowmobiles
/HEBERGER/heberger-ac-chargers-in-a-parking-lot.webp?width=1920&height=1080&name=heberger-ac-chargers-in-a-parking-lot.webp)
EV charger installation: What you need to know
/ev-charging-mobile-app-user-interface.webp?width=1920&height=1080&name=ev-charging-mobile-app-user-interface.webp)
Charge without a wallet – Virta's mobile app
/esled-electric-snowmobile-winter-landscape.webp?width=1920&height=1080&name=esled-electric-snowmobile-winter-landscape.webp)