Efficient operation of the electric shared mobility system (ESMS) relies heavily on seamless interconnections among shared electric vehicles (SEVs), electric vehicle supply equipment (EVSE), and the grid. Nevertheless, this interconnectivity also makes the ESMS vulnerable to cyberattacks that may cause short-term breakdowns or long-term degradation of the ESMS. This study focuses on one such attack with long-lasting effects, the Delayed Charge Attack (DCA), which stealthily delays the charging service by exploiting physical and communication vulnerabilities. To begin, we present the ESMS threat model by highlighting the assets, information flow, and access points. We next identify a linked sequence of vulnerabilities as a viable attack vector for launching DCA. Then, we detail the implementation of DCA, which can effectively bypass the detection in the SEV's battery management system and the cross-verification in the cloud environment. We test the DCA model against various Anomaly Detection (AD) algorithms by simulating the DCA dynamics in a Susceptible-Infectious-Removed-Susceptible process, where the EVSE can be compromised by the DCA or detected for repair. Using real-world taxi trip data and EVSE locations in New York City, the DCA model allows us to explore the long-term impacts and validate the system consequences. The results show that a 10-min delay results in 12-min longer queuing times and 8% more unfulfilled requests, leading to a 10.7% (\$311.7) weekly revenue loss per driver. With the AD algorithms, the weekly revenue loss remains at least 3.8% (\$111.8) with increased repair costs of \$36,000, suggesting that the DCA is robust against AD.