EV Charge Point Security Under Fire: 82% Businesses Breached

Eseye

IoT Hardware and Connectivity Specialists

Electric vehicles are mainstream now. And the charging infrastructure powering them is one of the most mature sectors for IoT. Our 2025 State of IoT research found that many EV charging businesses already manage estates of 5,001–10,000 devices, and 77% plan to expand further. Over a third (36%) expect to double or even treble their deployments.

But here’s the shift: while estate expansion remains strong, budget confidence is faltering. In 2024, 88% of businesses planned to grow their estates and 84% expected to raise IoT budgets. This year, just 56% plan to increase spend, while 20% anticipate cuts. Deployment continues, but momentum is cooling.

As pressure mounts to hit net zero goals, the EV sector can’t afford to stall. Let’s explore the key survey findings for this vertical, and find out some of the hidden security vulnerabilities in EV charging infrastructure.

From growth at all costs to measured expansion

Last year, the EV charging industry was riding high. Connectivity satisfaction was the highest across all sectors (98%), and growth plans were ambitious. At the time, increased revenue was the top IoT benefit (65%).

Fast forward to 2025, and the picture is evolving. Estate expansion remains healthy, but businesses are tightening budgets and refocusing priorities. Sustainability now leads as the most important outcome (47%), followed by social impact (40%) and cost efficiency (38%).

This is a sign of a sector maturing. Revenue growth is still important, but the industry is now aligning IoT investments more closely with environmental and societal goals.

Closing the range and reliability gap

From the US to the UK, EV charging infrastructure is under pressure to keep pace with surging adoption. Drivers still cite range anxiety, infrastructure gaps, and slow charging speeds as major frustrations.

IoT is key to solving these pain points:

Fast charging management: Optimizing power distribution across the grid to reduce bottlenecks.
Real-time availability: Giving drivers live updates on which charge points are free.
Payment integration: Seamlessly connecting charging sessions with secure transactions.

But delivering these outcomes requires reliable, secure, always-on connectivity across thousands of distributed endpoints. That’s a challenge the industry hasn’t fully cracked.

Download the 2025 State of IoT Report and explore the complete analysis.

When every charge point becomes a target

EV charge points aren’t just devices; they’re part of critical infrastructure. And they’re uniquely exposed. Publicly distributed, handling sensitive payments, and often lacking consistent firmware updates, they represent an attractive target for cyberattacks.

The risks are real, and they’re multiplying:

“Quishing” (QR code fraud): Fraudulent QR codes are placed on chargers, diverting users to counterfeit payment portals. Payment credentials are stolen, and drivers often only realise something is wrong when their EV isn’t charging.
Malicious reprogramming: Hackers can reprogram chargers to harvest data or overload systems with false demand. Compromised chargers can also act as gateways into broader networks.
RFID card duplication: Using skimmers, attackers can clone RFID cards to initiate or even run simultaneous charging sessions for free. Without proactive monitoring and encrypted RFID communication, operators risk significant revenue loss.
Driver identities on the Darknet: Stolen personal information fuels identity theft, payment fraud, and even unauthorized access to EV systems. Proactive Darknet monitoring is vital to detect and respond quickly.
Diagnostic command exploitation: Weaknesses in OCPP’s diagnostic commands can expose sensitive operational data, from WiFi passwords to system logs, if not properly protected. Regular penetration testing helps uncover these vulnerabilities.
Physical tampering: Attackers can force open charger doors and connect USB cables to alter configurations, gain free charging, or extract data. Automated error alerts within OCPP can flag such attempts in real time.

In the past 12 months alone, 82% of EV charging businesses reported an IoT-related security breach. Without proactive measures, the attack surface will only expand as estates scale. Security is not an afterthought — it is the foundation of a resilient charging network.

From grid to plug: IoT’s impact on EV Charging

Despite the challenges, the case for IoT in EV charging has never been stronger. It powers every part of the driver experience and the operator business model:

Optimizing charging processes to reduce wait times and balance energy load.
Adding customer services like reservations, loyalty schemes, and predictive maintenance.
Enabling new revenue models through partnerships with utilities and retailers.
Supporting sustainability goals by integrating renewable energy sources into charging networks.

Each benefit directly supports the shift toward cleaner, more efficient transport systems, making IoT a strategic enabler for the EV revolution.

Building confidence through end-to-end security

The EV sector doesn’t lack ambition. What it needs now is confidence that every deployed device is secure, every transaction is safe, and every data flow is reliable. That starts with embedding security throughout the IoT deployment lifecycle.

Eseye addresses this imperative with a layered, end-to-end security approach to IoT connectivity:

Private APNs and VPNs: Custom APNs authenticate and route device traffic securely, backed by VPN encryption to prevent interception.
Certificate-based access and real-time threat monitoring: Only legitimate devices connect, while continuous monitoring detects anomalies before they escalate.
Secure cloud integration: With AWS IoT Core and Device Defender, device behavior is constantly monitored, and deviations trigger instant alerts.
SIM and hardware safeguards: IMEI and location locking, plus embedded SIM options, lock down both the logical and physical layers of IoT deployments.

Jeremy Wood, Senior Account Director at Eseye, comments:

“Over the past six months, our EV charging customers have enhanced their security posture by conducting advanced penetration testing to ensure their devices remain robust and resilient against potential threats.”

Discover more about Eseye’s IoT Security solutions here.

See where your business stands when it comes to IoT.

Read the full 2025 State of IoT Report to uncover how EV charging, and five other industries, are really deploying IoT, where they’re hitting challenges, and what it takes to succeed at scale.

Get the report