Efficient operation of the electric shared mobility system (ESMS) relies heavily on seamless interconnections between shared electric vehicles (SEV), electric vehicle supply equipment (EVSE), and the grid. Nevertheless, this interconnectivity also makes the ESMS vulnerable to cyberattacks that may cause short-term breakdowns or long-term degradation of the ESMS. This study focuses on one such attack with long-lasting effects, the Delayed Charge Attack (DCA), which stealthily delays the charging service by exploiting physical and communication vulnerabilities. To begin, we present the ESMS threat model by highlighting the assets, information flow, and access points. We next identify a linked sequence of vulnerabilities as a viable attack vector for launching DCA. Then, we detail the implementation of DCA, which can effectively bypass the detection in the SEV's battery management system and the cross-verification in the cloud environment. We test the DCA model against various Anomaly Detection (AD) algorithms by simulating the DCA dynamics in a Susceptible-Infectious-Removed-Susceptible (SIRS) process, where the EVSE can be compromised by the DCA or detected for repair. Using real-world taxi trip data and EVSE locations in New York City, the DCA model allows us to explore the long-term impacts and validate the system consequences. The results show that a 10-min delay will result in 12-min longer queuing times and 8% more unfulfilled requests, leading to a 10.7% (\$311.7) weekly revenue loss per driver. With the AD algorithms, the weekly revenue loss remains at 3.8% (\$111.8), suggesting the robustness of the DCA.