One of the biggest frustrations that EV drivers face is the huge number of different ways of paying for EV charging, along with a big variation in the quality of customer experience.
The fact that you have to pull out the right app to activate charging is stress that most of us neither need nor want. What’s more, every time you plug in, you are activating an insecure connection to a charger that puts you and your car at risk of being hacked by a malicious actor.
Anyone who has activated Autocharge with Evie Networks or has driven a Tesla to a supercharger will know that simplicity is just plugging your car in and having the charge start straight away.
However, these tools are limited to specific networks and specific vehicles. True simplicity would be to plug into any charger and have the charge start and be billed fairly and accurately for the kWh delivered.
Hubject was founded by a consortium of German automakers (VW Group, Mercedes, and BMW) and utility companies to simplify charging.
They are one of several hub platforms operating in Europe, connecting thousands of charge point operators (CPOs) and hundreds of thousands of chargers with Mobility Service Providers (MSPs)—companies that operate apps and sell charging—and, of course, the millions of drivers across Europe.
Hubject has led the field in rolling out Plug and Charge across multiple OEMs and CPO networks. Plug and Charge is simplicity for the driver but is enabled by a complex security architecture laid out in the ISO 15118 standards.
Car and charger have to have a security certificate installed tied back to a common root certificate. By exchanging certificates, car and charger can establish trust and a secure communications link.
Once this link is enabled, the car can present a charging contract certificate to the CPO, which can then be checked for validity with the MSP that issued it by using a hub platform such as Hubject. This means that drivers of cars from Volvo, Polestar, BMW, VW, Mercedes, and many others can access Plug and Charge at chargers across Europe and, increasingly, the USA.
There is one problem though: the vehicle certificate is typically installed by the OEM during production, and most vehicles are only capable of hosting a single certificate. This means that Hubject has a lock on many vehicle brands and, through that, a driver has had to choose an MSP that uses the Hubject Hub.
The EU, in particular, sees this as potentially an anti-competitive monopoly, with Hubject having the potential to lock drivers into their ecosystem with their first mover advantage.
This changes from today as Hubject signed an interoperability agreement with one of its largest competitors, Gireve, a French operator of one of the other largest hub platforms, and Irdeto, a global cybersecurity and trust management firm.
Think of this as Visa and Mastercard partnering to pass each other’s secure credit card tokens through each other’s networks.
Irdeto has created CrossCharge to enable these competing players to establish trust between their two certificate chains. It means that drivers, CPOs, and MSPs have the freedom to choose their preferred service provider. Hubject CEO, Christian Hahn, stated that this is “ensuring that a competitive market for Plug and Charge can be established.”
In speaking with Christian Hahn, The Driven learnt that Hubject sees a future where roaming transactions get cheaper to process as platforms such as Gireve and Hubject scale and compete. Hubject sees its future in taking a small slice of an increasing set of products and services enabled by their hub platform and this interoperable security architecture.
So where does this leave Australia?
In Australia today, other than on the Tesla Supercharger Network, not a single communication between car and charger is securely encrypted.
Man-in-the-middle attacks injecting code into the unencrypted comms between car and charger are possible, and although The Driven is not aware of an exploit of this vulnerability, one of the first principles of cybersecurity is to close security holes because the risk of an exploit being used to control or damage critical infrastructure is always present.
What is concerning is that this is not a concern in Australia. V2G charging is secured using the same ISO 15118-based security architecture.
Despite the fact that the energy industry has recently taken steps to secure communications with Consumer Energy Resources such as batteries and solar inverters using the CSIP-AUS standard, which implements a very similar certificate, trust, and encryption system as used in ISO 15118 to secure charging.
In the main Australian DC Fast Charging CPOs are ready for this. Evie Networks and BP use back-end systems from EV Connect which has been certified against Hubject along with the Tritium, Kempower, and Alpitronic chargers.
Similarly, AGL and Exploren have a certified backend with Ampeco, as does NRMA with their drivzs-based platform; and of course Origin has a stake in Octopus, which operates Plug and Charge with select vehicle brands on its Electroverse MSP platform in the UK.
So what’s the hold-up? No Australian vehicle OEM has taken the plunge to angle this in their vehicles in Australia despite 18 brands that sell in Australia being certified by Hubject.
It can be hoped that the ChargeConnect interoperability system launched by Irdeto, Hubject, and Gireve today can quell any fears Australian OEMs might have about locking themselves to a single Plug and Charge vendor and encourage them to secure charging connections using a mature, global standard.
Or will government have to act to secure our critical charging infrastructure?
Want the latest EV news delivered straight to your inbox? Subscribe to our free daily newsletter




