Guardado en:
| Autores principales: | , , , |
|---|---|
| Formato: | Preprint |
| Publicado: |
2025
|
| Materias: | |
| Acceso en línea: | https://arxiv.org/abs/2512.15966 |
| Etiquetas: |
Agregar Etiqueta
Sin Etiquetas, Sea el primero en etiquetar este registro!
|
| _version_ | 1866910244147298304 |
|---|---|
| author | Löw, Jakob Vasu, Vishwa Hutzelmann, Thomas Hof, Hans-Joachim |
| author_facet | Löw, Jakob Vasu, Vishwa Hutzelmann, Thomas Hof, Hans-Joachim |
| contents | ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable. |
| format | Preprint |
| id |
arxiv_https___arxiv_org_abs_2512_15966 |
| institution | arXiv |
| publishDate | 2025 |
| record_format | arxiv |
| spellingShingle | Charge It to My Neighbor: A Relay Attack on ISO 15118 Plug and Charge Payment Löw, Jakob Vasu, Vishwa Hutzelmann, Thomas Hof, Hans-Joachim Cryptography and Security ISO 15118, the leading standard for DC fast charging in Europe, includes a plug-and-charge mechanism that allows electric vehicles to handle payment automatically via contract certificates. We present a novel relay attack against this mechanism: an attacker builds a fake charging station, plugs it into a victim's vehicle, and relays the cryptographic authentication to a real charging station - charging the attacker's vehicle while billing the victim. The attack exploits the absence of station-identifying information in the plug-and-charge signature, combined with weaknesses in how ISO 15118 handles TLS certificates. We provide a proof-of-concept implementation demonstrating the full attack chain and discuss possible mitigations and alternatives. As plug-and-charge adoption grows, addressing this vulnerability is critical before it becomes widely exploitable. |
| title | Charge It to My Neighbor: A Relay Attack on ISO 15118 Plug and Charge Payment |
| topic | Cryptography and Security |
| url | https://arxiv.org/abs/2512.15966 |